Posts Page - CloudCentric

Solar-Log Base 15

Written by on October 29, 2024. Posted in CISA-Published Industrial Control System Vulnerabilities.

1. EXECUTIVE SUMMARY

CVSS v4 5.1
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
Vendor: Solar-Log
Equipment: Base 15
Vulnerability: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

2. RISK EVALUATION

Successful exploitation of this vulnerability could result in an attacker obtaining unauthorized access.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Solar-Log Base 15 are affected:

Base 15: Firmware 6.0.1 Build 161

3.2 Vulnerability Overview

The affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to bypass access controls and gain unauthorized access.

CVE-2023-46344 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).

A CVSS v4 score has also been calculated for CVE-2023-46344. A base score of 5.1 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:L).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Energy
COUNTRIES/AREAS DEPLOYED: Multiple
COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

CISA discovered a public proof of concept (PoC) as authored by Vincent McRae and Mesut Cetin of Redteamer IT Security and reported it to Solar-Log.

4. MITIGATIONS

Solar-Log has released the following versions for users to download:

Base 15: Firmware 6.2.0-170

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Locate control system networks and remote devices behind firewalls and isolating them from business networks.
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

October 29, 2024: Initial Publication

VIMESA VHF/FM Transmitter Blue Plus

Written by on October 24, 2024. Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

1. EXECUTIVE SUMMARY

CVSS v4 6.9
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
Vendor: VIMESA
Equipment: VHF/FM Transmitter Blue Plus
Vulnerability: Improper Access Control

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to perform a Denial-of-Service.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following version of VIMESA VHF/FM Transmitter Blue Plus, a VHF/FM Transmitter, is affected:

VHF/FM Transmitter Blue Plus: Version v9.7.1

3.2 Vulnerability Overview

3.2.1 Improper Access Control CWE-284

VIMESA VHF/FM Transmitter Blue Plus is suffering from a Denial-of-Service (DoS) vulnerability. An unauthenticated attacker can issue an unauthorized HTTP GET request to the unprotected endpoint ‘doreboot’ and restart the transmitter operations.

CVE-2024-9692 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

A CVSS v4 score has also been calculated for CVE-2024-9692. A base score of 6.9 has been calculated; the CVSS vector string is (CVSS4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Communications
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: Spain

3.4 RESEARCHER

CISA discovered this report authored by Gjoko Krstic.

4. MITIGATIONS

VIMESA has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact VIMESA for additional information.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.
Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

October 24, 2024: Initial Publication

iniNet Solutions SpiderControl SCADA PC HMI Editor

Written by on October 24, 2024. Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

1. EXECUTIVE SUMMARY

CVSS v4 8.6
ATTENTION: Exploitable remotely/low attack complexity
Vendor: iniNet Solutions
Equipment: SpiderControl SCADA PC HMI Editor
Vulnerability: Path Traversal

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to gain remote control of the device.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of iniNet Solutions SpiderControl SCADA PC HMI Editor, a software management platform, are affected:

SpiderControl SCADA PC HMI Editor: Version 8.10.00.00

3.2 Vulnerability Overview

3.2.1 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) CWE-22

iniNet Solutions SpiderControl SCADA PC HMI Editor has a path traversal vulnerability. When the software loads a malicious ‘ems’ project template file constructed by an attacker, it can write files to arbitrary directories. This can lead to overwriting system files, causing system paralysis, or writing to startup items, resulting in remote control.

CVE-2024-10313 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2024-10313. A base score of 8.6 has been calculated; the CVSS vector string is (CVSS4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
COUNTRIES/AREAS DEPLOYED: Europe
COMPANY HEADQUARTERS LOCATION: Switzerland

3.4 RESEARCHER

elcazator from ELEX FEIGONG RESEARCH INSTITUTE of Elex CyberSecurity, Inc. reported this vulnerability to CISA.

4. MITIGATIONS

iniNet Solutions recommends that users update SpiderControl SCADA PC HMI Editor to version 8.24.00.00 to mitigate this vulnerability.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

October 24, 2024: Initial Publication

Deep Sea Electronics DSE855

Written by on October 24, 2024. Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

1. EXECUTIVE SUMMARY

CVSS v4 7.1
ATTENTION: low attack complexity/public exploits are available
Vendor: Deep Sea Electronics
Equipment: DSE855
Vulnerability: Missing Authentication for Critical Function

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to access stored credentials.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Deep Sea Electronics DSE855, an ethernet communications device, are affected:

DSE855: Version 1.0.26

3.2 Vulnerability Overview

3.2.1 Missing Authentication for Critical Function CWE-306

Deep Sea Electronics DSE855 is vulnerable to a configuration disclosure when direct object reference is made to the Backup.bin file using an HTTP GET request.

CVE-2024-5947 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2024-5947. A base score of 7.1 has been calculated; the CVSS vector string is (CVSS4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Energy
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: United Kingdom

3.4 RESEARCHER

CISA discovered this vulnerability authored by Gjoko Krstic.

4. MITIGATIONS

Deep Sea Electronics recommends that users update DSE855 to version 1.2.0.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

5. UPDATE HISTORY

October 24, 2024: Initial Publication

ICONICS and Mitsubishi Electric Products

Written by on October 22, 2024. Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

1. EXECUTIVE SUMMARY

CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: ICONICS, Mitsubishi Electric
Equipment: ICONICS Product Suite, Mitsubishi Electric MC Works64
Vulnerability: Incorrect Default Permissions

2. RISK EVALUATION

Successful exploitation of this vulnerability could result in disclosure of confidential information, data tampering, or a denial-of-service condition.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

ICONICS reports that the following versions of ICONICS and Mitsubishi Electric Products are affected:

ICONICS Suite including GENESIS64, Hyper Historian, AnalytiX, and MobileHMI: Version 10.97.3 and prior
Mitsubishi Electric MC Works64: all versions

3.2 Vulnerability Overview

3.2.1 Incorrect Default Permissions CWE-276

There is an incorrect default permissions vulnerability in ICONICS and Mitsubishi Electric products which may allow a disclosure of confidential information, data tampering, or a denial of service condition due to incorrect default permissions.

CVE-2024-7587 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: ICONICS is headquartered in the United States. Mitsubishi Electric is headquartered in Japan.

3.4 RESEARCHER

Asher Davila and Malav Vyas of Palo Alto Networks reported this vulnerability to ICONICS.

4. MITIGATIONS

Version 10.97.3 CFR1 and later is not vulnerable to this issue. ICONICS recommends that users of its products take the following mitigation steps:

For new systems, use the 10.97.3 CFR1 or later version of the ICONICS products.
If planning to use GENESIS64 v10.97.3 or earlier on a new freshly installed system, do not install the included GenBroker32. Instead, download the latest GenBroker32 from ICONICS and install this version if needed.
For systems that already have v10.97.3 or an earlier version, or MC Works64 installed, verify the permissions on the c:ProgramDataICONICS folder do not include “Everyone”. If this folder is set to provide access to “Everyone”, remove this access by performing the following steps:

Right click C:ProgramDataICONICS folder and open the Properties display
Open the Security tab
Click Advanced
Click Change Permissions
Select “Everyone” and check the “Replace all object permissions entries with inheritable permission entries from this project” checkbox
Click Remove

ICONICS and Mitsubishi Electric recommends users update the ICONICS Suite with the latest security patches as they become available. ICONICS Suite security patches may be found here(login required).

ICONICS and Mitsubishi Electric is releasing security updates as critical fixes/rollup releases. Refer to the [ICONICS Whitepaper on Security Vulnerabilities])https://iconics.com/About/Security/CERT), and to the for information on the availability of the security updates.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

5. UPDATE HISTORY

October 22, 2024: Initial Publication

Kieback&Peter DDC4000 Series

Written by on October 17, 2024. Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

1. EXECUTIVE SUMMARY

CVSS v4 9.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Kieback&Peter
Equipment: DDC4000 Series
Vulnerabilities: Path Traversal, Insufficiently Protected Credentials, Use of Weak Credentials

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to gain full administrator rights on the system.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Kieback&Peter DDC4000 series products are affected:

DDC4002 : Versions 1.12.14 and prior
DDC4100 : Versions 1.7.4 and prior
DDC4200 : Versions 1.12.14 and prior
DDC4200-L : Versions 1.12.14 and prior
DDC4400 : Versions 1.12.14 and prior
DDC4002e : Versions 1.17.6 and prior
DDC4200e : Versions 1.17.6 and prior
DDC4400e : Versions 1.17.6 and prior
DDC4020e : Versions 1.17.6 and prior
DDC4040e : Versions 1.17.6 and prior

3.2 Vulnerability Overview

3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (‘PATH TRAVERSAL’) CWE-22

The affected product is vulnerable to a path traversal vulnerability, which may allow an unauthenticated attacker to read files on the system.

CVE-2024-41717 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2024-41717. A base score of 9.3 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.2 INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522

The affected product has an insufficiently protected credentials vulnerability, which may allow an unauthenticated attacker with access to /etc/passwd to read the password hashes of all users on the system.

CVE-2024-43812 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.4 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2024-43812. A base score of 8.6 has been calculated; the CVSS vector string is (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.3 USE OF WEAK CREDENTIALS CWE-1391

The affected product uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system.

CVE-2024-43698 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2024-43698. A base score of 9.3 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing Sector, Commercial Facilities Sector, Communications Sector, Financial Services Sector, Food and Agriculture Sector, Government Services and Facilities Sector, Healthcare and Public Health Sector, Information Technology Sector
COUNTRIES/AREAS DEPLOYED: Europe, the Middle East and Asia.
COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

Raphael Ruf of terreActive AG reported these vulnerabilities to CISA.

4. MITIGATIONS

Kieback&Peter DDC4002, DDC4100, DDC4200, DDC4200-L and DDC4400 controllers are considered End-of-Life (EOL) and are no longer supported. Users operating these controllers should ensure they are operated in a strictly separate OT environment and consider updating to a supported controller.

Kieback&Peter recommends users update to DDC4002e, DDC4200e, DDC4400e, DDC4020e and DDC4040e controllers.

Kieback&Peter recommends all affected users contact their local Kieback&Peter office to update the firmware of the supported DDC systems to v1.21.0 or later.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY

October 17, 2024: Initial Publication

HMS Networks EWON FLEXY 202

Written by on October 17, 2024. Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

1. EXECUTIVE SUMMARY

CVSS v4 7.1
ATTENTION: Exploitable remotely/low attack complexity
Vendor: HMS Networks
Equipment: EWON FLEXY 202
Vulnerability: Insufficiently Protected Credentials

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to sniff and decode credentials that are transmitted using weak encoding techniques.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of EWON FLEXY 202, an industrial modular gateway, are affected:

EWON FLEXY 202: Firmware Version 14.2s0

3.2 Vulnerability Overview

3.2.1 CWE-522: Insufficiently Protected Credentials

The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is present in the network can sniff the traffic and decode the credentials.

CVE-2024-7755 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).

CVE-2024-7755 has been assigned to this vulnerability. A CVSS v4 base score of 7.1 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Water and Wastewater Systems, Energy, and Food and Agriculture
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: Sweden

3.4 RESEARCHER

Anurag Chevendra, Parul Sindhwad and Dr. Faruk Kazi CoE-CNDS Lab, VJTI, Mumbai, India reported this vulnerability to CISA.

4. MITIGATIONS

HMS Networks recommends users update to firmware version 14.9s2.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

October 17, 2024: Initial Publication

LCDS LAquis SCADA

Written by on October 17, 2024. Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

1. EXECUTIVE SUMMARY

CVSS v4 7.0
ATTENTION: Exploitable remotely/low attack complexity
Vendor: LCDS – Leão Consultoria e Desenvolvimento de Sistemas Ltda ME
Equipment: LAquis SCADA
Vulnerability: Cross-site Scripting

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to steal cookies, inject arbitrary code, or perform unauthorized actions.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of LAquis SCADA, an HMI program, are affected:

LAquis SCADA: Version 4.7.1.511

3.2 Vulnerability Overview

3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (‘CROSS-SITE SCRIPTING’) CWE-79

In LAquis SCADA version 4.7.1.511, a cross-site scripting vulnerability could allow an attacker to inject arbitrary code into a web page. This could allow an attacker to steal cookies, redirect users, or perform unauthorized actions.

CVE-2024-9414 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N).

A CVSS v4 score has also been calculated for CVE-2024-9414. A base score of 7.0 has been calculated; the CVSS vector string is (CVSS4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Chemical, Commercial Facilities, Energy, Food and Agriculture, Transportation Systems, Water and Wastewater Systems
COUNTRIES/AREAS DEPLOYED: South America
COMPANY HEADQUARTERS LOCATION: Brazil

3.4 RESEARCHER

Mounir Aarab reported this vulnerability to CISA.

4. MITIGATIONS

LCDS recommends users update to version 4.7.1.611 or newer versions of LAquis SCADA.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

October 17, 2024: Initial Publication

Elvaco M-Bus Metering Gateway CMe3100

Written by on October 17, 2024. Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

1. EXECUTIVE SUMMARY

CVSS v4 9.2
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Elvaco
Equipment: M-Bus Metering Gateway CMe3100
Vulnerabilities: Missing Authentication for Critical Function, Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’), Insufficiently Protected Credentials.

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to perform remote code execution, impersonate and send false information, or bypass authentication.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Elvaco CMe3100, a metering gateway are affected:

CMe3100: Version 1.12. 1

3.2 Vulnerability Overview

3.2.1 INSUFFICIENTLY PROTECTED CREDENTIALS (CWE-522)

The affected product is vulnerable due to insufficiently protected credentials, which may allow an attacker to impersonate Elvaco and send false information.

CVE-2024-49396 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

A CVSS v4 score has also been calculated for CVE-2024-49396. A base score of 8.7 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N).

3.2.2 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION(‘CROSS-SITE SCRIPTING’) (CWE-79)

The affected product is vulnerable to a cross-site scripting attack which may allow an attacker to bypass authentication and takeover admin accounts.

CVE-2024-49397 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2024-49397. A base score of 9.2 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.3 UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE (CWE-434)

The affected product is vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute code.

CVE-2024-49398 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2024-49398. A base score of 8.8 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.4 MISSING AUTHENTICATION FOR CRITICAL FUNCTION (CWE-306)

The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information.

CVE-2024-49399 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2024-49399. A base score of 8.7 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Energy
COUNTRIES/AREAS DEPLOYED: Multiple
COMPANY HEADQUARTERS LOCATION: Sweden

3.4 RESEARCHER

Tomer Goldschmidt of Claroty Research – Team82 reported these vulnerabilities to CISA.

4. MITIGATIONS

Elvaco has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of affected versions of M-Bus Metering Gateway CMe3100 are invited to contact Elvaco customer support for additional information.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploits specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY

October 17, 2024: Initial Publication

Mitsubishi Electric CNC Series

Written by on October 17, 2024. Posted in CISA-Published Industrial Control System Vulnerabilities.

View CSAF

1. EXECUTIVE SUMMARY

CVSS v3 5.9
ATTENTION: Exploitable remotely
Vendor: Mitsubishi Electric
Equipment: CNC Series
Vulnerability: Improper Validation of Specified Quantity in Input

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to cause a denial-of-service (DoS) condition on the affected device.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Mitsubishi Electric products are affected:

M800VW (BND-2051W000-**): All versions
M800VS (BND-2052W000-**): All versions
M80V (BND-2053W000-**): All versions
M80VW (BND-2054W000-**): All versions
M800W (BND-2005W000-**): All versions
M800S (BND-2006W000-**): All versions
M80 (BND-2007W000-**): All versions
M80W (BND-2008W000-**): All versions
E80 (BND-2009W000-**): All versions
C80 (BND-2036W000-**): All versions
M750VW (BND-1015W002-**): All versions
M730VW/M720VW (BND-1015W000-**): All versions
M750VS (BND-1012W002-**): All versions
M730VS/M720VS (BND-1012W000-**): All versions
M70V (BND-1018W000-**): All versions
E70 (BND-1022W000-**): All versions
NC Trainer2 (BND-1802W000-**): All versions
NC Trainer2 plus (BND-1803W000-**): All versions

3.2 Vulnerability Overview

3.2.1 IMPROPER VALIDATION OF SPECIFIED QUANTITY IN INPUT CWE-1284

A denial-of-service (DoS) vulnerability exists in Numerical Control Systems (CNC). A malicious unauthenticated remote attacker may cause a denial-of-service (DoS) condition in the affected product by sending specially crafted packets to TCP port 683

CVE-2024-7316 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.9 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Energy
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: Japan

3.4 RESEARCHER

Mitsubishi Electric reported this vulnerability to CISA.

4. MITIGATIONS

Mitsubishi Electric recommends that users take the following mitigating measures to minimize the risk of exploiting this
vulnerability.

Use a firewall, virtual private network (VPN), etc. to prevent unauthorized access when internet access is required.
Install anti-virus software on your PC that can access the product.
Use within a LAN and block access from untrusted networks and hosts through firewalls.
Restrict physical access to the affected product and the LAN to which the product is connected.
Use IP filter function*1 to block access from untrusted hosts.
IP filter function is available for M800V/M80V Series and M800/M80/E80 Series.
For details about the IP filter function, please refer to the following manual for each product: M800V/M80V Series Instruction Manual “16. Appendix 3 IP Address Filter Setting Function” and M800/M80/E80 Series Instruction Manual “15. Appendix 2 IP Address Filter Setting Function”

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

For additional information see Mitsubishi Electric advisory.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability has a high attack complexity.

5. UPDATE HISTORY

October 17, 2024: Initial Publication