
Schneider Electric EcoStruxure Power Design

1. EXECUTIVE SUMMARY

CVSS v3 7.8
ATTENTION: Low Attack Complexity
Vendor: Schneider Electric
Equipment: EcoStruxure Power Design
Vulnerability: Deserialization of Untrusted Data

2. RISK EVALUATION

Successful exploitation of this vulnerability may allow for arbitrary code execution.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Schneider Electric – EcoStruxure Power Design – Ecodial, an equipment management platform, are affected:

EcoStruxure Power Design – Ecodial NL: All Versions
EcoStruxure Power Design – Ecodial INT: All Versions
EcoStruxure Power Design – Ecodial FR: All Versions

3.2 Vulnerability Overview

3.2.1 DESERIALIZATION OF UNTRUSTED DATA CWE-502

All versions of Schneider Electric EcoStruxure Power Design – Ecodial NL, INT, and FR deserialize untrusted data, which could allow an attacker to perform code execution when a malicious project file is loaded into the application by a valid user.

CVE-2024-2229 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities, Information Technology, Healthcare and Public Health, Critical Manufacturing, Transportation Systems, Energy, Chemical
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: France

3.4 RESEARCHER

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative reported this vulnerability to CISA.

4. MITIGATIONS

Schneider Electric is establishing a remediation plan for all future versions of EcoStruxure Power Design – Ecodial that will include a fix for this vulnerability. Until then, customers should immediately apply the following mitigations to reduce the risk of exploit:

Compute hash of the project files and regularly check the consistency of this hash to verify the integrity before usage.
Store the hash information in a separate location from where the project file is stored.
When sharing or receiving project files with another user, the hash information should be provided over a separate, out of band channel.
When exchanging files over the network, use secure communication protocols.
Only open project files received from a trusted source.
Harden the workstation running the application.
Delete the accounts of people who no longer need access to the application and the computer running the application following the principle of least privilege.
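
The first three mitigations above (hash the project files, keep the hashes somewhere else, pass the hash out of band) can be scripted as follows. This is an added example, not tooling from Schneider Electric or CISA; SHA-256, the function names, and the file names (including the `.project` extension) are assumptions chosen for illustration.

```python
"""Integrity manifest for project files (added example; file names are constructed)."""
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream the file so large projects are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(project_dir: Path) -> dict:
    """Map each file's relative path to its SHA-256 digest."""
    return {
        p.relative_to(project_dir).as_posix(): sha256_file(p)
        for p in sorted(project_dir.rglob("*"))
        if p.is_file()
    }


def save_manifest(manifest: dict, manifest_path: Path, project_dir: Path) -> str:
    """Write the manifest outside the project tree and return its own digest.

    The returned digest is the value to hand to a recipient out of band.
    """
    project_root = project_dir.resolve()
    target = manifest_path.resolve()
    if target == project_root or project_root in target.parents:
        raise ValueError("manifest must be stored separately from the project files")
    payload = json.dumps(manifest, sort_keys=True, indent=2).encode("utf-8")
    target.write_bytes(payload)
    return hashlib.sha256(payload).hexdigest()


def load_manifest(manifest_path: Path, expected_digest: str) -> dict:
    """Load the manifest only if it matches the digest received out of band."""
    payload = manifest_path.read_bytes()
    actual = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(actual, expected_digest):
        raise ValueError("manifest digest mismatch; do not trust this manifest")
    return json.loads(payload)


def verify(project_dir: Path, manifest: dict) -> dict:
    """Classify every file as ok, modified, missing or unexpected."""
    current = build_manifest(project_dir)
    report = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for name, digest in manifest.items():
        if name not in current:
            report["missing"].append(name)
        elif hmac.compare_digest(current[name], digest):
            report["ok"].append(name)
        else:
            report["modified"].append(name)
    report["unexpected"] = sorted(set(current) - set(manifest))
    return report


def safe_to_open(report: dict) -> bool:
    """Only a fully clean report clears the project for loading."""
    return not (report["modified"] or report["missing"] or report["unexpected"])


def demo() -> dict:
    """Run the workflow on constructed files in temporary directories."""
    with tempfile.TemporaryDirectory() as proj, tempfile.TemporaryDirectory() as store:
        project_dir, store_dir = Path(proj), Path(store)
        (project_dir / "substation_a.project").write_bytes(b"constructed project data")
        (project_dir / "notes.txt").write_text("constructed notes")

        manifest_path = store_dir / "substation_a.manifest.json"
        digest = save_manifest(build_manifest(project_dir), manifest_path, project_dir)
        before = verify(project_dir, load_manifest(manifest_path, digest))

        # Simulate changes made after the baseline was taken.
        (project_dir / "substation_a.project").write_bytes(b"altered project data")
        (project_dir / "extra.bin").write_bytes(b"dropped file")
        after = verify(project_dir, load_manifest(manifest_path, digest))
        return {"before": before, "after": after}


if __name__ == "__main__":
    result = demo()
    print("clean baseline:", safe_to_open(result["before"]))
    print("after tampering:", safe_to_open(result["after"]), result["after"])
```

A matching hash shows only that the file is unchanged since the baseline was taken, so the baseline has to be taken on a copy that came from a trusted source.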

To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric’s security notification service.

Schneider Electric strongly recommends the following industry cybersecurity best practices.

Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network.
Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks.
Place all controllers in locked cabinets and never leave them in the “Program” mode.
Never connect programming software to any network other than the network intended for that device.
Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc., before use in the terminals or any node connected to these networks.
Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation.
Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the Internet.
When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.

For more information refer to the Schneider Electric Recommended Cybersecurity Best Practices document.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

5. UPDATE HISTORY

March 12, 2024: Initial Publication

Chirp Systems Chirp Access

1. EXECUTIVE SUMMARY

CVSS v3 9.1
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Chirp Systems
Equipment: Chirp Access
Vulnerability: Use of Hard-coded Credentials

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to take control and gain unrestricted physical access to systems using the affected product.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Chirp Systems are affected:

Chirp Access: All Versions

3.2 Vulnerability Overview

3.2.1 USE OF HARD-CODED CREDENTIALS CWE-798

Chirp Access improperly stores credentials within its source code, potentially exposing sensitive information to unauthorized access.

CVE-2024-2197 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities Sector
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER

Matt Brown reported this vulnerability to CISA.

4. MITIGATIONS

Chirp Systems has not responded to requests to work with CISA to mitigate this vulnerability. Users of the affected product are encouraged to contact Chirp Systems support for additional information.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

March 7, 2024: Initial Publication

Nice Linear eMerge E3-Series

1. EXECUTIVE SUMMARY

CVSS v3 10.0
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
Vendor: Nice
Equipment: Linear eMerge E3-Series
Vulnerabilities: Path traversal, Cross-site scripting, OS command injection, Unrestricted Upload of File with Dangerous Type, Incorrect Authorization, Exposure of Sensitive Information to an Unauthorized Actor, Insufficiently Protected Credentials, Use of Hard-coded Credentials, Cross-site Request Forgery, Out-of-bounds Write

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow a remote attacker to gain full system access.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Nice Linear eMerge E3-Series are affected:

Linear eMerge E3-Series: versions 1.00-06 and prior

3.2 Vulnerability Overview

3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (‘PATH TRAVERSAL’) CWE-22

Nice Linear eMerge E3-Series versions 1.00-06 and prior are vulnerable to path traversal. This could allow an attacker to gain unauthorized access to the system and sensitive data.

CVE-2019-7253 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.2 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (‘PATH TRAVERSAL’) CWE-22

Versions of Nice Linear eMerge E3-Series firmware 1.00-06 and prior are vulnerable to a file inclusion through path traversal, which could give the attacker access to sensitive information.

CVE-2019-7254 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

3.2.3 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (‘CROSS-SITE SCRIPTING’) CWE-79

Nice Linear eMerge E3-Series versions 1.00-06 and prior are vulnerable to cross-site scripting, which could allow an attacker to obtain and alter some information on the system.

CVE-2019-7255 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

3.2.4 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND (‘OS COMMAND INJECTION’) CWE-78

Nice Linear eMerge E3-Series versions 1.00-06 and prior are vulnerable to OS command injection, which could allow an attacker to cause remote code execution.

CVE-2019-7256 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

3.2.5 UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434

Nice Linear eMerge E3-Series versions 1.00-06 and prior are vulnerable to unrestricted upload of malicious files, which could allow an attacker to execute arbitrary code.

CVE-2019-7257 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

3.2.6 INCORRECT AUTHORIZATION CWE-863

Nice Linear eMerge E3-Series versions 1.00-06 and prior suffer from an authorization mechanism vulnerability. This could allow an attacker to escalate privileges and gain full control of the system.

CVE-2019-7258 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.7 EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200

An authorization bypass occurs in Nice Linear eMerge E3-Series versions 1.00-06 and prior when an authenticated attacker sends a specific GET request to the target, resulting in disclosure of administrative credentials in clear-text. This allows the attacker to log in again with admin privileges and have full access to the control interface.

CVE-2019-7259 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.8 INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522

The application of Nice Linear eMerge E3-Series versions 1.00-06 and prior stores passwords in clear-text in its DBMS system. Storing a password in plaintext may result in a system compromise.

CVE-2019-7260 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.9 USE OF HARD-CODED CREDENTIALS CWE-798

Hard-coded credentials are present in multiple binaries bundled in the Nice Linear eMerge E3-Series versions 1.00-06 and prior firmware OS. These hard-coded credentials typically create a significant hole that could allow an attacker to bypass the authentication configured by the software administrator.

CVE-2019-7261 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.10 USE OF HARD-CODED CREDENTIALS CWE-798

The Nice Linear eMerge E3-Series versions 1.00-06 and prior access control platform has SSH enabled with hardcoded credentials for the root account. This could allow an unauthenticated attacker to initiate a secure connection with highest privileges (root) and gain full system access.

CVE-2019-7265 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.11 CROSS-SITE REQUEST FORGERY (CSRF) CWE-352

The application of Nice Linear eMerge E3-Series versions 1.00-06 and prior allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. An attacker could exploit this to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

CVE-2019-7262 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.2.12 OUT-OF-BOUNDS WRITE CWE-787

A stack-based buffer overflow exists, affecting several CGI binaries of Nice Linear eMerge E3-Series versions 1.00-06 and prior. The vulnerability is caused by a boundary error in the processing of user input, which an attacker could exploit to cause a buffer overflow. Successful exploitation could allow execution of arbitrary code on the affected device.

CVE-2019-7264 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: Italy

3.4 RESEARCHER

Gjoko Krstic from Zero Science Lab reported these vulnerabilities to CISA.

4. MITIGATIONS

Nice/Nortek encourages users to upgrade to the latest firmware to mitigate the risk of these vulnerabilities. Please see Nice’s E3-Bulletin for more information.

Nice also recommends the following defensive measures to minimize the risk of exploitation of these vulnerabilities:

Minimize network exposure of devices, ensuring they are not accessible from the internet.
Place the devices behind firewalls and isolate them from other networks.
When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Keep your VPNs as updated as possible.
Change default credentials on the device.
Change the default IP address of the device.

See Nice’s Telephone Entry Bulletin for additional information.

Users should contact Nice with any questions.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

5. UPDATE HISTORY

March 5, 2024: Initial Publication

Delta Electronics CNCSoft-B

1. EXECUTIVE SUMMARY

CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Delta Electronics
Equipment: CNCSoft-B
Vulnerability: Stack-based Buffer Overflow

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Delta Electronics products are affected:

CNCSoft-B: Versions 1.0.0.4 and prior

3.2 Vulnerability Overview

3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121

Delta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.

CVE-2024-1941 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: Taiwan

3.4 RESEARCHER

Natnael Samson (@NattiSamson) working with Trend Micro Zero Day Initiative reported this vulnerability to CISA.

4. MITIGATIONS

Delta recommends users update to CNCSoft-B V 1.0.0.4 with Issue Date 2024-01-23 or later.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

5. UPDATE HISTORY

February 29, 2024: Initial Publication

Mitsubishi Electric Multiple Factory Automation Products

1. EXECUTIVE SUMMARY

CVSS v3 5.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Mitsubishi Electric Corporation
Equipment: MELSEC iQ-F Series
Vulnerability: Insufficient Resource Pool

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow a remote attacker to cause a temporary denial-of-service (DoS) condition for a certain period of time in the product’s Ethernet communication by performing a TCP SYN Flood attack.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Mitsubishi Electric MELSEC iQ-F Series, a compact control platform, are affected:

Products with * are sold in limited regions.

MELSEC iQ-F FX5U-32MT/ES: All Versions
MELSEC iQ-F FX5U-32MT/DS: All Versions
MELSEC iQ-F FX5U-32MT/ESS: All Versions
MELSEC iQ-F FX5U-32MT/DSS: All Versions
MELSEC iQ-F FX5U-32MR/ES: All Versions
MELSEC iQ-F FX5U-32MR/DS: All Versions
MELSEC iQ-F FX5U-64MT/ES: All Versions
MELSEC iQ-F FX5U-64MT/ESS: All Versions
MELSEC iQ-F FX5U-64MT/DS: All Versions
MELSEC iQ-F FX5U-64MT/DSS: All Versions
MELSEC iQ-F FX5U-64MR/ES: All Versions
MELSEC iQ-F FX5U-64MR/DS: All Versions
MELSEC iQ-F FX5U-80MT/ES: All Versions
MELSEC iQ-F FX5U-80MT/DS: All Versions
MELSEC iQ-F FX5U-80MT/ESS: All Versions
MELSEC iQ-F FX5U-80MT/DSS: All Versions
MELSEC iQ-F FX5U-80MR/ES: All Versions
MELSEC iQ-F FX5U-80MR/DS: All Versions
MELSEC iQ-F FX5UC-32MT/D: All Versions
MELSEC iQ-F FX5UC-32MT/DSS: All Versions
MELSEC iQ-F FX5UC-64MT/D: All Versions
MELSEC iQ-F FX5UC-64MT/DSS: All Versions
MELSEC iQ-F FX5UC-96MT/D: All Versions
MELSEC iQ-F FX5UC-96MT/DSS: All Versions
MELSEC iQ-F FX5UC-32MT/DS-TS: All Versions
MELSEC iQ-F FX5UC-32MT/DSS-TS: All Versions
MELSEC iQ-F FX5UC-32MR/DS-TS: All Versions
MELSEC iQ-F FX5UJ-24MT/ES: All Versions
MELSEC iQ-F FX5UJ-24MT/DS: All Versions
MELSEC iQ-F FX5UJ-24MT/ESS: All Versions
MELSEC iQ-F FX5UJ-24MT/DSS: All Versions
MELSEC iQ-F FX5UJ-24MR/ES: All Versions
MELSEC iQ-F FX5UJ-24MR/DS: All Versions
MELSEC iQ-F FX5UJ-40MT/ES: All Versions
MELSEC iQ-F FX5UJ-40MT/DS: All Versions
MELSEC iQ-F FX5UJ-40MT/ESS: All Versions
MELSEC iQ-F FX5UJ-40MT/DSS: All Versions
MELSEC iQ-F FX5UJ-40MR/ES: All Versions
MELSEC iQ-F FX5UJ-40MR/DS: All Versions
MELSEC iQ-F FX5UJ-60MT/ES: All Versions
MELSEC iQ-F FX5UJ-60MT/DS: All Versions
MELSEC iQ-F FX5UJ-60MT/ESS: All Versions
MELSEC iQ-F FX5UJ-60MT/DSS: All Versions
MELSEC iQ-F FX5UJ-60MR/ES: All Versions
MELSEC iQ-F FX5UJ-60MR/DS: All Versions
MELSEC iQ-F FX5UJ-24MT/ES-A*: All Versions
MELSEC iQ-F FX5UJ-24MR/ES-A*: All Versions
MELSEC iQ-F FX5UJ-40MT/ES-A*: All Versions
MELSEC iQ-F FX5UJ-40MR/ES-A*: All Versions
MELSEC iQ-F FX5UJ-60MT/ES-A*: All Versions
MELSEC iQ-F FX5UJ-60MR/ES-A*: All Versions
MELSEC iQ-F FX5S-30MT/ES: All Versions
MELSEC iQ-F FX5S-30MT/ESS: All Versions
MELSEC iQ-F FX5S-30MR/ES: All Versions
MELSEC iQ-F FX5S-40MT/ES: All Versions
MELSEC iQ-F FX5S-40MT/ESS: All Versions
MELSEC iQ-F FX5S-40MR/ES: All Versions
MELSEC iQ-F FX5S-60MT/ES: All Versions
MELSEC iQ-F FX5S-60MT/ESS: All Versions
MELSEC iQ-F FX5S-60MR/ES: All Versions
MELSEC iQ-F FX5S-80*MT/ES: All Versions
MELSEC iQ-F FX5S-80*MT/ESS: All Versions
MELSEC iQ-F FX5S-80*MR/ES: All Versions

3.2 Vulnerability Overview

3.2.1 Insufficient Resource Pool CWE-410

A denial-of-service (DoS) vulnerability exists in the Ethernet function of multiple Mitsubishi Electric FA products. A remote attacker could cause a temporary denial-of-service (DoS) condition for a certain period of time in the product’s Ethernet communication by performing a TCP SYN Flood attack.

CVE-2023-7033 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: Japan

3.4 RESEARCHER

Mitsubishi Electric Corporation reported this vulnerability to CISA.

4. MITIGATIONS

Mitsubishi Electric recommends that users take the following mitigation measures to minimize the risk of exploiting this vulnerability:

Use a firewall, virtual private network (VPN) etc., to prevent unauthorized access when Internet access is required.
Use within a LAN and block access from untrusted networks and hosts through firewalls.
Use IP filter function to block access from untrusted hosts. For details on the IP filter function, please refer to the following manual for each product:
“13.1 IP Filter Function” in the MELSEC iQ-F FX5 User’s Manual (Communication).
Restrict physical access to the affected products and the LAN to which they are connected.

For specific update instructions and additional details, refer to Mitsubishi Electric advisory 2023-023.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

February 27, 2024: Initial Publication

Delta Electronics CNCSoft-B DOPSoft

1. EXECUTIVE SUMMARY

CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Delta Electronics
Equipment: CNCSoft-B DOPSoft
Vulnerability: Uncontrolled Search Path Element

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to achieve remote code execution.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Delta Electronics products are affected:

CNCSoft-B v1.0.0.4 DOPSoft: versions prior to v4.0.0.82

3.2 Vulnerability Overview

3.2.1 UNCONTROLLED SEARCH PATH ELEMENT CWE-427

The affected product insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed.

CVE-2024-1595 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Energy
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: Taiwan

3.4 RESEARCHER

Delta Electronics reported this vulnerability to CISA.

4. MITIGATIONS

Delta recommends users upgrade to CNCSoft-B v1.0.0.4, which includes DOPSoft v4.0.0.94.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
When remote access is required, use more secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.
Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

February 22, 2024: Initial Publication

Mitsubishi Electric Electrical Discharge Machines

1. EXECUTIVE SUMMARY

CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Mitsubishi Electric Corporation
Equipment: Electrical discharge machines
Vulnerability: Improper Input Validation

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to disclose, tamper with, destroy or delete information in the products, or cause a denial-of-service condition on the products.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Mitsubishi Electric reports that the following electrical discharge machines are affected by this vulnerability in Microsoft Message Queuing service:

Wire-cut EDM MV Series MV1200S D-CUBES Series Standard system BRD-B60W000-**: all versions
Wire-cut EDM MV Series MV2400S D-CUBES Series Standard system BRD-B60W000-**: all versions
Wire-cut EDM MV Series MV4800S D-CUBES Series Standard system BRD-B60W000-**: all versions
Wire-cut EDM MV Series MV1200R D-CUBES Series Standard system BRD-B60W000-**: all versions
Wire-cut EDM MV Series MV2400R D-CUBES Series Standard system BRD-B60W000-**: all versions
Wire-cut EDM MV Series MV4800R D-CUBES Series Standard system BRD-B60W000-**: all versions
Wire-cut EDM MV Series MV1200S D-CUBES Series Special system BRD-B63W+++-**: all versions
Wire-cut EDM MV Series MV2400S D-CUBES Series Special system BRD-B63W+++-**: all versions
Wire-cut EDM MV Series MV4800S D-CUBES Series Special system BRD-B63W+++-**: all versions
Wire-cut EDM MV Series MV1200R D-CUBES Series Special system BRD-B63W+++-**: all versions
Wire-cut EDM MV Series MV2400R D-CUBES Series Special system BRD-B63W+++-**: all versions
Wire-cut EDM MV Series MV4800R D-CUBES Series Special system BRD-B63W+++-**: all versions
Wire-cut EDM MP Series MP1200 D-CUBES Series Standard system BRD-B60W000-**: all versions
Wire-cut EDM MP Series MP2400 D-CUBES Series Standard system BRD-B60W000-**: all versions
Wire-cut EDM MP Series MP4800 D-CUBES Series Standard system BRD-B60W000-**: all versions
Wire-cut EDM MP Series MP1200 D-CUBES Series Special system BRD-B63W+++-**: all versions
Wire-cut EDM MP Series MP2400 D-CUBES Series Special system BRD-B63W+++-**: all versions
Wire-cut EDM MP Series MP4800 D-CUBES Series Special system BRD-B63W+++-**: all versions
Wire-cut EDM MX Series MX900 D-CUBES Series Standard system BRD-B60W000-**: all versions
Wire-cut EDM MX Series MX2400 D-CUBES Series Standard system BRD-B60W000-**: all versions
Wire-cut EDM MX Series MX900 D-CUBES Series Special system BRD-B63W+++-**: all versions
Wire-cut EDM MX Series MX2400 D-CUBES Series Special system BRD-B63W+++-**: all versions
Sinker EDM SV-P Series SV8P D-CUBES Series Standard system BRD-M60W000-**: all versions
Sinker EDM SV-P Series SV12 D-CUBES Series Standard system BRD-M60W000-**: all versions
Sinker EDM SV-P Series SV8P D-CUBES Series Special system BRD-M63W+++-**: all versions
Sinker EDM SV-P Series SV12 D-CUBES Series Special system BRD-M63W+++-**: all versions
Sinker EDM SG Series SG8 D-CUBES Series Standard system BRD-M60W000-**: all versions
Sinker EDM SG Series SG12 D-CUBES Series Standard system BRD-M60W000-**: all versions
Sinker EDM SG Series SG28 D-CUBES Series Standard system BRD-M60W000-**: all versions
Sinker EDM SG Series SG8 D-CUBES Series Special system BRD-M63W+++-**: all versions
Sinker EDM SG Series SG12 D-CUBES Series Special system BRD-M63W+++-**: all versions
Sinker EDM SG Series SG28 D-CUBES Series Special system BRD-M63W+++-**: all versions

3.2 Vulnerability Overview

3.2.1 Improper Input Validation CWE-20

A remote code execution vulnerability in the Microsoft Message Queuing service on Microsoft Windows exists in the electrical discharge machines.

CVE-2023-21554 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: Japan

3.4 RESEARCHER

Mitsubishi Electric reported this vulnerability to CISA.

4. MITIGATIONS

Mitsubishi Electric recommends that users install the latest update. For information about how to install the update program, please contact your local service center.

Mitsubishi Electric recommends taking the mitigations listed below to minimize the risk of exploitation of this vulnerability.

Use a firewall, virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.
Use within a LAN and block access from untrusted networks and hosts through firewalls.
Restrict physical access to the affected products and to personal computers and network devices that can communicate with them.
Install anti-virus software on personal computers that can communicate with the affected products.

For specific update instructions and additional details refer to Mitsubishi Electric advisory 2023-022.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

February 20, 2024: Initial Publication

Commend WS203VICM

1. EXECUTIVE SUMMARY

CVSS v3 9.4
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Commend
Equipment: WS203VICM
Vulnerabilities: Argument Injection, Improper Access Control, Weak Encoding for Password

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information or force the system to restart.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Commend reports that the following versions of WS203VICM video door station are affected:

WS203VICM: version 1.7 and prior

3.2 Vulnerability Overview

3.2.1 ARGUMENT INJECTION CWE-88

A remote, unauthenticated attacker may be able to send crafted messages to the web server of the Commend WS203VICM causing the system to restart, interrupting service.

CVE-2024-22182 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H).

3.2.2 IMPROPER ACCESS CONTROL CWE-284

A remote attacker may be able to bypass access control of Commend WS203VICM by creating a malicious request.

CVE-2024-21767 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H).

3.2.3 WEAK ENCODING FOR PASSWORD CWE-261

A weak encoding is used to transmit credentials for WS203VICM.

CVE-2024-23492 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.7 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities Sector
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: Austria

3.4 RESEARCHER

Aarón Flecha Menéndez of S21sec reported these vulnerabilities to CISA.

4. MITIGATIONS

Although this is an end-of-life product, Commend has created new firmware version WS-CM 2.0 to address the first two issues. The new firmware can be loaded via the program “IP Station Config”. To install the firmware, follow the instructions below:

Log in to the Commend web-portal.
Download and extract the “Terminals Software Package”.
In “IP Station Config”, select the stations to be updated in the table.
Go to: Menu Station > Firmware Download
Select the file “WS-CM 2.0.geh” from the folder “WS-CM” and click on the button Open.

For additional information, please visit CSA-2024-42 on Commend’s cybersecurity website.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
When remote access is required, use more secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize a VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.
Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY

February 20, 2024: Initial Publication

Ethercat Zeek Plugin

1. EXECUTIVE SUMMARY

CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: CISA
Equipment: Industrial Control Systems Network Protocol Parsers (ICSNPP) – Ethercat Plugin for Zeek
Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow remote code execution.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following GitHub commits (versions) of ICSNPP – Ethercat Plugin, a plugin for Zeek, are affected:

Industrial Control Systems Network Protocol Parsers (ICSNPP) – Ethercat Zeek Plugin: versions d78dda6 and prior

3.2 Vulnerability Overview

3.2.1 OUT-OF-BOUNDS WRITE CWE-787

Industrial Control Systems Network Protocol Parsers (ICSNPP) – Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write in their primary analysis function for Ethercat communication packets. This could allow an attacker to cause arbitrary code execution.

CVE-2023-7244 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.2 OUT-OF-BOUNDS WRITE CWE-787

Industrial Control Systems Network Protocol Parsers (ICSNPP) – Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write while analyzing specific Ethercat datagrams. This could allow an attacker to cause arbitrary code execution.

CVE-2023-7243 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.3 OUT-OF-BOUNDS READ CWE-125

Industrial Control Systems Network Protocol Parsers (ICSNPP) – Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds read during the process of analyzing a specific Ethercat packet. This could allow an attacker to crash the Zeek process and leak some information in memory.

CVE-2023-7242 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Multiple
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER

Cameron Whitehead of HACK@UCF reported these vulnerabilities to CISA.

4. MITIGATIONS

CISA recommends that users update Industrial Control Systems Network Protocol Parsers (ICSNPP) – Ethercat Zeek Plugin to commit 3bca34c or later.

To help reduce successful exploitation, users are encouraged to keep critical software updates and patches up to date in their system networks.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize a VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY

February 20, 2024: Initial Publication

Siemens Parasolid

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 

1. EXECUTIVE SUMMARY

CVSS v3 7.8
ATTENTION: Low Attack Complexity
Vendor: Siemens
Equipment: Parasolid
Vulnerabilities: Out-of-bounds Read, NULL Pointer Dereference

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to leverage the vulnerability to perform remote code execution in the context of the current process.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following products of Siemens are affected:

Parasolid V35.0: all versions prior to V35.0.263
Parasolid V35.0: all versions prior to V35.0.251
Parasolid V35.1: all versions prior to V35.1.252
Parasolid V35.1: all versions prior to V35.1.170
Parasolid V36.0: all versions prior to V36.0.198

3.2 Vulnerability Overview

3.2.1 OUT-OF-BOUNDS READ CWE-125

The affected applications contain an out-of-bounds read past the end of an allocated structure while parsing specially crafted files containing XT format. This could allow an attacker to execute code in the context of the current process.

CVE-2023-49125 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2023-49125. A base score of 7.3 has been calculated; the CVSS vector string is (CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.2 NULL POINTER DEREFERENCE CWE-476

The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XT files. An attacker could leverage this vulnerability to crash the application, causing a denial-of-service condition.

CVE-2024-22043 has been assigned to this vulnerability. A CVSS v3 base score of 3.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).

A CVSS v4 score has also been calculated for CVE-2023-49125. A base score of 4.8 has been calculated; the CVSS vector string is (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

Siemens reported these vulnerabilities to CISA.

4. MITIGATIONS

Siemens has released new versions for the affected products and recommends updating to the latest versions:

Parasolid V35.0: Update to V35.0.263 or later version

Parasolid V35.1: Update to V35.1.252 or later version

Parasolid V36.0: Update to V36.0.198 or later version

Parasolid V35.0, Parasolid V35.1: Do not open untrusted XT files in Parasolid

Parasolid V35.0: Update to V35.0.251 or later version

Parasolid V35.1: Update to V35.1.170 or later version

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

Do not open untrusted XT files in Parasolid.

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

For more information see the associated Siemens security advisory SSA-797296 in HTML and CSAF.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely.

5. UPDATE HISTORY

February 15, 2024: Initial Publication