ICS Vulnerability Report: Threats And Mitigation Steps

Cyble Research & Intelligence Labs (CRIL) recently released its weekly ICS vulnerability report, focusing on various vulnerabilities affecting industrial control systems (ICS). The report underscores the critical importance of addressing these threats promptly to ensure the security of critical infrastructure.

The findings, shared by the Cybersecurity and Infrastructure Security Agency (CISA) for the week of October 15 to October 21, 2024, highlighted 13 vulnerabilities across well-known manufacturers such as Siemens and Schneider Electric.

During this period, CISA issued seven security advisories covering vulnerabilities in products from Siemens, Schneider Electric, Elvaco, Mitsubishi Electric, HMS Networks, Kieback&Peter, and LCDS – Leão Consultoria e Desenvolvimento de Sistemas Ltda ME. Notably, Elvaco reported four vulnerabilities, while Kieback&Peter identified three.

Of particular concern are vulnerabilities affecting the Elvaco CMe3100 and the Kieback&Peter DDC4000 Series. The Elvaco CMe3100, a communication gateway for remote energy meter reading, has been found online in 1,186 instances, mainly in Sweden. The Kieback&Peter DDC4000 Series, commonly used in HVAC management, showed eight instances requiring immediate attention.

Detailed insights into the vulnerabilities reported provide essential information for organizations to prioritize their patching efforts. Some of the critical vulnerabilities identified include:

– CVE-2024-3506: A medium-severity vulnerability affecting Siemens’ Siveillance Video Camera, potentially compromising physical access controls and CCTV operations.
– CVE-2023-8531: Schneider Electric’s Data Center Expert vulnerability in versions prior to 8.1.1.3, impacting DCS, SCADA, and BMS systems.
– CVE-2024-49396 and CVE-2024-49398: Critical risks for Elvaco’s CMe3100, including insufficiently protected credentials and unrestricted upload of dangerous file types.
– CVE-2024-41717: A critical path traversal vulnerability for Kieback&Peter’s DDC4002 and related versions, impacting field controllers and IoT devices.

These vulnerabilities underscore a concerning trend in the ICS sector, with high-severity vulnerabilities becoming more prevalent. Organizations must take proactive steps to address the flaws highlighted in the weekly ICS vulnerability report.

In response to these vulnerabilities, Cyble Research & Intelligence Labs (CRIL) recommends that organizations actively monitor security advisories, adopt a risk-based vulnerability management approach with a Zero-Trust framework, and enhance patch management by tracking critical vulnerabilities in CISA’s Known Exploited Vulnerabilities (KEV) catalog.

Additionally, organizations should develop comprehensive patch strategies, including inventory management, assessment, testing, deployment, and verification of patches, with automation for greater efficiency. Continuous monitoring and logging capabilities, network segmentation, audits, vulnerability assessments, penetration testing, and leveraging a Software Bill of Materials (SBOM) are essential for enhancing cybersecurity and protecting critical infrastructure.
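One way to turn the KEV tracking and risk-based prioritization recommended above into a patch queue, shown as an added example that is not code from CRIL or CISA. It assumes the KEV JSON feed layout (a top-level `vulnerabilities` list whose entries carry `cveID` and `dueDate`); the KEV excerpt, the placeholder CVE ID and the `prioritize` helper are constructed for illustration.

```python
import json

# Constructed excerpt in the shape of the KEV JSON feed. The ID is a
# placeholder and says nothing about the real catalog's contents.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-0000-0001", "dueDate": "2024-11-05"}
]}
""")

# Findings as the article states them; None means "not stated on the page".
# "exposed" is the number of instances the article reports for the product.
FINDINGS = [
    {"cve": "CVE-2024-3506", "product": "Siemens Siveillance Video Camera",
     "severity": "medium", "exposed": None},
    {"cve": "CVE-2023-8531", "product": "Schneider Electric Data Center Expert",
     "severity": None, "exposed": None},
    {"cve": "CVE-2024-49396", "product": "Elvaco CMe3100",
     "severity": "critical", "exposed": 1186},
    {"cve": "CVE-2024-49398", "product": "Elvaco CMe3100",
     "severity": "critical", "exposed": 1186},
    {"cve": "CVE-2024-41717", "product": "Kieback&Peter DDC4002",
     "severity": "critical", "exposed": 8},
    # Constructed inventory entry that matches the placeholder KEV record.
    {"cve": "CVE-0000-0001", "product": "example asset (constructed)",
     "severity": "medium", "exposed": 0},
]

SEVERITY_WEIGHT = {"critical": 3, "high": 2, "medium": 1}


def prioritize(findings, kev_catalog):
    """Order findings: KEV-listed first, then severity, then exposure."""
    kev = {v["cveID"]: v.get("dueDate") for v in kev_catalog["vulnerabilities"]}

    def risk_key(f):
        return (f["cve"] in kev,                         # known exploited
                SEVERITY_WEIGHT.get(f["severity"], 0),   # unknown ranks last
                f["exposed"] or 0)                       # reachable instances

    ranked = sorted(findings, key=risk_key, reverse=True)
    # Attach the KEV remediation due date (None when not KEV-listed).
    return [dict(f, kev_due=kev.get(f["cve"])) for f in ranked]


if __name__ == "__main__":
    for f in prioritize(FINDINGS, KEV_SAMPLE):
        print(f["cve"], f["product"], f["severity"], f["kev_due"])
```

In practice the inventory side would come from an asset database or SBOM, and the catalog from a fresh download of the KEV feed rather than an inline sample.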

With major vendors like Siemens and Schneider Electric facing significant threats, it is imperative for businesses to implement these proactive measures to safeguard their systems and critical infrastructure.
