The latest Cyble report reveals 54 vulnerabilities in critical ICS products from Siemens, Rockwell, and Delta, highlighting urgent security concerns.

Overview

Cyble Research & Intelligence Labs (CRIL) has released its latest Weekly Industrial Control System (ICS) Vulnerability Intelligence Report, sharing multiple vulnerabilities observed by the Cybersecurity and Infrastructure Security Agency (CISA) between October 8 and October 14, 2024. This week’s analysis focuses on security advisories and vulnerabilities that affect critical industrial infrastructure.

The Cybersecurity and Infrastructure Security Agency (CISA) has published 21 security advisories specifically targeting Industrial Control Systems (ICS). These advisories encompass a total of 54 distinct vulnerabilities affecting major vendors, including Siemens, Rockwell Automation, Schneider Electric, and Delta Electronics. Among these, Siemens has reported the highest number of vulnerabilities, totaling 34, while Rockwell Automation follows with 13. 

The report particularly emphasizes vulnerabilities within Siemens’ Tecnomatix Plant Simulation software, which has implications for energy sector applications. A total of 14 vulnerabilities have been identified within this software, with most receiving a high CVSS3 score of 7.8. If exploited, these vulnerabilities could allow attackers to execute arbitrary code or trigger a denial of service, posing a serious threat to operational integrity.

Among the most concerning findings is an Improper Authentication vulnerability linked to Siemens’ SENTRON 7KM PAC3200 (CVE-2024-41798). This power monitoring device, which measures and displays electrical parameters, is susceptible to attacks that exploit its Modbus TCP interface. Attackers can bypass authentication protections through brute-force methods or by monitoring cleartext communications. The advisory from Siemens indicates that “currently no fix is planned,” urging users to ensure that affected devices operate in secure environments to mitigate potential risks.

Vulnerabilities Details

The recent analysis by Cyble Research & Intelligence Labs (CRIL) provides a comprehensive overview of key vulnerabilities that organizations should prioritize for effective patch management and mitigation efforts. Notably, several vulnerabilities have been identified across various vendors, including Siemens, Rockwell Automation, and Delta Electronics.

One of the most intriguing vulnerabilities is CVE-2024-46886, associated with Siemens’ SIMATIC S7-1500 and S7-1200 CPUs, which pose an open redirect risk and are classified as medium severity. Another critical issue is CVE-2024-41981, found in multiple versions of Siemens’ Simcenter Nastran software, which is affected by a heap-based buffer overflow, designated as high severity. Similarly, CVE-2024-47046, also linked to Simcenter Nastran, involves improper memory buffer operations and carries a high severity rating.

Perhaps the most interesting vulnerability identified is CVE-2024-41798, related to Siemens’ SENTRON 7KM PAC3200. This issue involves improper authentication and is classified as critical, highlighting the potential for exploitation. Additionally, CVE-2024-47194, affecting Siemens’ ModelSim, reveals an uncontrolled search path element and is rated medium in severity. Another critical vulnerability, CVE-2024-47553, relates to the SINEC Security Monitor from Siemens, which faces an argument injection risk.

On the Rockwell Automation side, CVE-2024-7952 highlights a serious concern in the DataMosaix Private Cloud, where sensitive information exposure is rated as high severity. Delta Electronics also reported CVE-2024-47962, which involves a stack-based buffer overflow in its CNCSoft-G2 software, classified as high severity as well.

An overview of the vulnerabilities indicates a pronounced prevalence of high-severity issues among the disclosed vulnerabilities. Furthermore, a closer examination of vulnerabilities disclosed by vendors shows that the majority stem from companies engaged in critical infrastructure sectors, particularly Siemens and Rockwell Automation.

Recommendations and Mitigations

Given the identified vulnerabilities and their potential impacts, Cyble offers some important recommendations for organizations to strengthen their cybersecurity posture:

• Regularly monitor security advisories and alerts from vendors and authorities to remain aware of potential vulnerabilities.
• Implement a risk-based vulnerability management strategy to minimize the risk of exploitation, complemented by a Zero-Trust security model.
• Encourage threat intelligence analysts to assist in the patch management process by continuously tracking critical vulnerabilities.
• Ensure that your patch management strategy encompasses inventory management, patch assessment, testing, deployment, and verification. Automate these processes where feasible to enhance consistency and efficiency.
• Effective network segmentation can limit attackers’ ability to perform reconnaissance and lateral movement within critical environments.
• Periodically perform audits, vulnerability assessments, and penetration testing to identify and rectify security weaknesses.
• Establish ongoing monitoring and logging capabilities to detect network anomalies and potential threats early.
• Leverage SBOM to gain visibility into the individual components and libraries in use, along with their associated vulnerabilities.
• Implement physical controls to restrict unauthorized personnel from accessing critical devices and networks.
• Develop and regularly update an incident response plan that outlines procedures for detecting, responding to, and recovering from security incidents.

Conclusion

Addressing the vulnerabilities highlighted in the report requires a collaborative approach. Organizations should not only implement internal security measures but also engage with vendors and industry peers to share information and best practices. By adhering to the recommendations outlined above, organizations can better protect their assets and ensure the integrity of their critical infrastructure operations to remain ahead of online vulnerabilities and security trends.

Related