A recent Cyble report on ICS vulnerabilities has brought to light several critical vulnerabilities in industrial control systems (ICS) from major vendors such as Schneider Electric, mySCADA, and Automated Logic. These vulnerabilities, including some categorized as high risk, pose serious threats to systems in critical sectors like manufacturing, energy, and communications. The Cybersecurity and Infrastructure Security Agency (CISA) has provided guidance and urges organizations to take immediate action to patch these flaws.
Compiled by Cyble Research and Intelligence Labs (CRIL), the report identifies vulnerabilities that could allow attackers to breach sensitive systems and disrupt critical operations. CISA has issued advisories for a total of 15 vulnerabilities across various ICS products, emphasizing the importance of addressing these security risks promptly.
Among the most concerning vulnerabilities identified in the report are CVE-2024-10575, CVE-2024-47407, and CVE-2024-8525. These vulnerabilities impact critical infrastructure, including SCADA and building automation systems. For instance, CVE-2024-10575 in Schneider Electric’s EcoStruxure IT Gateway poses a critical risk due to missing authorization, potentially allowing attackers unauthorized access to critical systems, leading to data breaches and operational disruptions.
Similarly, CVE-2024-47407 in mySCADA’s myPRO Manager/Runtime presents a critical risk of OS Command Injection, enabling attackers to remotely execute arbitrary commands, compromising SCADA and Human-Machine Interface (HMI) systems. Furthermore, CVE-2024-8525 in Automated Logic’s WebCTRL Server v7.0 involves Unrestricted File Upload, allowing attackers to upload malicious files to building automation systems, compromising their integrity.
In addition to these critical flaws, the report also highlights CVE-2024-8933 in Schneider Electric’s Modicon M340, MC80, and Momentum systems, which involves a message integrity bypass. Moreover, CVE-2024-50054 in mySCADA’s myPRO Manager/Runtime involves a path traversal issue, potentially leading to unauthorized file access.
Vendor Breakdown and Industry Impact
Schneider Electric accounted for 50% of the reported vulnerabilities, primarily affecting industrial automation and energy management systems. mySCADA contributed 33% of the vulnerabilities, affecting SCADA and HMI systems. Automated Logic and CODESYS GmbH represented 17%, with flaws impacting building automation and PLC software. These vulnerabilities have significant consequences for critical infrastructure sectors, particularly in manufacturing, energy, and communications, which accounted for the majority of the reported issues.
Conclusion
CISA plays a crucial role in identifying and addressing ICS vulnerabilities by offering advisories to help organizations mitigate risks. To enhance ICS security, organizations should monitor alerts, adopt zero-trust architectures, segment networks, and implement robust patch management strategies. Regular vulnerability assessments, secure access protocols, and incident response plans are essential for quick recovery from potential attacks. Ongoing employee training on cybersecurity best practices is also vital in safeguarding critical infrastructure from evolving cyber threats. The recent vulnerabilities in Schneider Electric, mySCADA, and Automated Logic underscore the importance of timely patching and proactive security measures to protect critical infrastructure.