
ZF Roll Stability Support Plus (RSSPlus)


1. EXECUTIVE SUMMARY

  • CVSS v4 5.9
  • ATTENTION: Exploitable from an adjacent network/low attack complexity
  • Vendor: ZF
  • Equipment: RSSPlus
  • Vulnerability: Authentication Bypass By Primary Weakness

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely (proximal/adjacent with RF equipment) call diagnostic functions which could impact both the availability and integrity.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of RSSPlus are affected:

  • RSSPlus 2M: build dates 01/08 through at least 01/23

3.2 VULNERABILITY OVERVIEW

3.2.1 AUTHENTICATION BYPASS BY PRIMARY WEAKNESS CWE-305

The affected product is vulnerable to an authentication bypass vulnerability targeting deterministic RSSPlus SecurityAccess service seeds, which may allow an attacker to remotely (proximal/adjacent with RF equipment or via pivot from J2497 telematics devices) call diagnostic functions intended for workshop or repair scenarios. This can impact system availability, potentially degrading performance or erasing software; however, the vehicle remains in a safe vehicle state.

CVE-2024-12054 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.4 has been calculated; the CVSS vector string is (AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H).

A CVSS v4 score has also been calculated for CVE-2024-12054. A base score of 5.9 has been calculated; the CVSS vector string is (CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Transportation Systems
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

National Motor Freight Traffic Association, Inc. (NMFTA) researchers Ben Gardiner and Anne Zachos reported this vulnerability to CISA.

4. MITIGATIONS

To most effectively mitigate general vulnerabilities of the powerline communication, any trucks, trailers, and tractors utilizing J2497 technology should disable all features where possible, except for backwards-compatibility with LAMP ON detection only. Users acquiring new trailer equipment should migrate all diagnostics to newer trailer bus technology. Users acquiring new tractor equipment should remove support for reception of any J2497 message other than LAMP messages.

ZF recommends:

  • Move away from SecurityAccess and implement the latest security feature, Authentication (0x29)
  • Ensure random numbers are generated from a cryptographically secure hardware true random number generator
  • Adopt modern standards/protocols for truck-trailer communication
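
The following added example (not ZF or NMFTA code) shows a bench check for the weakness described above: record the first seeds a seed source issues after each reset and test whether the sequence repeats. The 4-byte seed width, the LCG-based weak model and all class and function names are assumptions made for illustration; `secrets` stands in for the hardware true random number generator ZF recommends.

```python
import secrets

SEED_LEN = 4  # assumed seed width in bytes; the advisory does not give one


class DeterministicSeedSource:
    """Constructed weak model: generator state returns to a constant on reset."""

    def __init__(self):
        self.reset()

    def reset(self):
        self._state = 0x2A2A2A2A  # same starting state after every power cycle

    def next_seed(self):
        # Linear congruential step: fully determined by the previous state.
        self._state = (1103515245 * self._state + 12345) & 0xFFFFFFFF
        return self._state.to_bytes(SEED_LEN, "big")


class CsprngSeedSource:
    """Seeds drawn from the OS CSPRNG, standing in for a hardware TRNG."""

    def reset(self):
        pass  # nothing restarts with the ECU, so nothing can repeat

    def next_seed(self):
        return secrets.token_bytes(SEED_LEN)


def collect_boot_sequences(source, boots, seeds_per_boot=3):
    """Power-cycle the source `boots` times and record the seeds issued first."""
    sequences = []
    for _ in range(boots):
        source.reset()
        sequences.append(tuple(source.next_seed() for _ in range(seeds_per_boot)))
    return sequences


def audit_seed_sequences(sequences):
    """Summarise how often the post-reset seed sequence repeats."""
    boots = len(sequences)
    distinct = len(set(sequences))
    fixed_positions = []
    if boots > 1:
        # A position is "fixed" when the n-th seed after reset never changes.
        for i in range(len(sequences[0])):
            if len({seq[i] for seq in sequences}) == 1:
                fixed_positions.append(i)
    return {
        "boots": boots,
        "distinct_sequences": distinct,
        "fixed_positions": fixed_positions,
        "deterministic": boots > 1 and distinct == 1,
    }


if __name__ == "__main__":
    for source in (DeterministicSeedSource(), CsprngSeedSource()):
        report = audit_seed_sequences(collect_boot_sequences(source, boots=50))
        print(type(source).__name__, report)
```
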

NMFTA has published detailed information about how to mitigate these issues in the following ways:

  • Install a LAMP ON firewall for each ECU
  • Use a LAMP detect circuit LAMP ON sender with each trailer
  • Change addresses dynamically on each tractor in response to detecting a transmitter on its current address.
  • Install RF chokes on each trailer between chassis ground and wiring ground
  • Load with LAMP keyhole signal on each tractor
  • Flood with jamming signal on each tractor

Please visit NMFTA for additional details on these and other solutions.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

  • January 21, 2025: Initial Publication

Traffic Alert and Collision Avoidance System (TCAS) II


1. EXECUTIVE SUMMARY

  • CVSS v4 7.1
  • ATTENTION: Exploitable from adjacent network
  • Standard: Traffic Alert and Collision Avoidance System (TCAS) II
  • Equipment: Collision Avoidance Systems
  • Vulnerabilities: Reliance on Untrusted Inputs in a Security Decision, External Control of System or Configuration Setting

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to manipulate safety systems and cause a denial-of-service condition.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following revisions of TCAS II are affected:

  • TCAS II: Versions 7.1 and prior

3.2 Vulnerability Overview

3.2.1 Reliance on Untrusted Inputs in a Security Decision CWE-807

By utilizing software-defined radios and a custom low-latency processing pipeline, RF signals with spoofed location data can be transmitted to aircraft targets. This can lead to the appearance of fake aircraft on displays and potentially trigger undesired Resolution Advisories (RAs).

CVE-2024-9310 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.1 has been calculated; the CVSS vector string is (AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N).

A CVSS v4 score has also been calculated for CVE-2024-9310. A base score of 6.0 has been calculated; the CVSS vector string is (AV:A/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N).

3.2.2 External Control of System or Configuration Setting CWE-15

For TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F, an attacker can impersonate a ground station and issue a Comm-A Identity Request. This action can set the Sensitivity Level Control (SLC) to the lowest setting and disable the Resolution Advisory (RA), leading to a denial-of-service condition.

CVE-2024-11166 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.2 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H).

A CVSS v4 score has also been calculated for CVE-2024-11166. A base score of 7.1 has been calculated; the CVSS vector string is (AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Transportation Systems
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER

Giacomo Longo and Enrico Russo of Genova University reported these vulnerabilities to CISA.
Martin Strohmeier and Vincent Lenders of armasuisse reported these vulnerabilities to CISA.
Alessio Merlo of Centre for High Defense Studies reported these vulnerabilities to CISA.

4. MITIGATIONS

After consulting with the Federal Aviation Administration (FAA) and the researchers regarding these vulnerabilities, it has been concluded that CVE-2024-11166 can be fully mitigated by upgrading to ACAS X or by upgrading the associated transponder to comply with RTCA DO-181F.

Currently, there is no mitigation available for CVE-2024-9310.

These vulnerabilities in the TCAS II standard are exploitable in a lab environment. However, they require very specific conditions to be met and are unlikely to be exploited outside of a lab setting.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely. These vulnerabilities have a high attack complexity.

5. UPDATE HISTORY

  • January 21, 2024: Initial Publication

Schneider Electric EcoStruxure


1. EXECUTIVE SUMMARY

  • CVSS v3 5.4
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Schneider Electric
  • Equipment: EcoStruxure Power Monitoring Expert, EcoStruxure Power Operation, EcoStruxure Power SCADA Operation 2020
  • Vulnerability: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to tamper with folder names within the context of the product.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Schneider Electric reports that the following products are affected:

  • Schneider Electric EcoStruxure™ Power Monitoring Expert (PME) 2021: All versions prior to 2021 CU1
  • Schneider Electric EcoStruxure™ Power Monitoring Expert (PME) 2020: All versions prior to 2020 CU3
  • Schneider Electric EcoStruxure™ Power Operation (EPO) 2022: All versions prior to 2022 CU4
  • Schneider Electric EcoStruxure™ Power Operation (EPO) 2022 – Advanced Reporting and Dashboards Module: All versions prior to 2022 CU4
  • Schneider Electric EcoStruxure™ Power Operation (EPO) 2021: All versions prior to 2021 CU3 Hotfix 2
  • Schneider Electric EcoStruxure™ Power Operation (EPO) 2021 – Advanced Reporting and Dashboards Module: All versions prior to 2021 CU3 Hotfix 2
  • Schneider Electric EcoStruxure™ Power SCADA Operation 2020 (PSO) – Advanced Reporting and Dashboards Module: All versions

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (‘CROSS-SITE SCRIPTING’) CWE-79

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an authenticated attacker modifies folder names within the context of the product.

CVE-2024-8401 has been assigned to this vulnerability. A CVSS v3 base score of 5.4 has been assigned; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities, Critical Manufacturing, Energy
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: France

3.4 RESEARCHER

Schneider Electric CPCERT reported this vulnerability to CISA.

CVE-2024-8401:
McKade Umbenhower of Sandia National Labs reported this vulnerability to CISA.

4. MITIGATIONS

Schneider Electric has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • Schneider Electric EcoStruxure™ Power Monitoring Expert (PME) 2021 CU1 and prior: EcoStruxure™ Power Monitoring Expert 2021 CU2 includes a fix for this vulnerability and is available for download here: https://ecoxpert.se.com/software-center/power-monitoringexpert/power-monitoring-expert-2021 OR EcoStruxure™ Power Monitoring Expert 2022 includes a fix for this vulnerability and is available for download here: https://ecoxpert.se.com/software-center/power-monitoringexpert/power-monitoring-expert-2022 OR Upgrade to the latest version of EcoStruxure™ Power Monitoring Expert. Contact the customer care center for more information.
  • Schneider Electric EcoStruxure™ Power Operation (EPO) 2022 CU4 and prior, Schneider Electric EcoStruxure™ Power Operation (EPO) 2022 – Advanced Reporting and Dashboards Module 2022 CU4 and prior: EcoStruxure™ Power Operations 2022 CU5 includes a fix for this vulnerability and is available for download here: https://community.se.com/t5/EcoStruxure-Power-Operation/v2022-Release-amp-Updates-Install-Procedure/m-p/416561/thread-id/6058 OR Upgrade to latest version of EcoStruxure™ Power Operations. Contact the customer care center for more information. Additionally, EcoStruxure™ Power Operation 2022 with Advanced Reporting utilizes EcoStruxure™ Power Monitoring Expert. You will need to update the version of EcoStruxure™ Power Monitoring Expert installed independently of the EcoStruxure™ Power Operation patch level installed and apply the appropriate EcoStruxure™ Power Monitoring Expert update as outlined above. For assistance in determining the version of PME installed, contact the Schneider Electric Customer Care Center.
  • Schneider Electric EcoStruxure™ Power Operation (EPO) 2021 CU3 Hotfix 2 and prior, Schneider Electric EcoStruxure™ Power Operation (EPO) 2021 – Advanced Reporting and Dashboards Module 2021 CU3 Hotfix 2 and prior: EcoStruxure™ Power Operations 2021 CU3 Hotfix 3 includes a fix for this vulnerability and is available for download here: https://community.se.com/t5/EcoStruxure-Power-Operation/v2022-Release-amp-Updates-Install-Procedure/m-p/416561/thread-id/6058 OR Upgrade to latest version of EcoStruxure™ Power Operations. Contact the customer care center for more information. Additionally, EcoStruxure™ Power Operation 2021 with Advanced Reporting utilizes EcoStruxure™ Power Monitoring Expert. You will need to update the version of EcoStruxure™ Power Monitoring Expert installed independently of the EcoStruxure™ Power Operation patch level installed and apply the appropriate EcoStruxure™ Power Monitoring Expert update as outlined above. For assistance in determining the version of PME installed, contact the Schneider Electric Customer Care Center.
  • Schneider Electric EcoStruxure™ Power Monitoring Expert (PME) 2020 CU3 and prior: EcoStruxure™ Power Monitoring Expert 2020 is at its end-of-life support. Users should consider upgrading to the latest version offering of PME to resolve this issue. Please contact Schneider Electric Customer Care Center for more details.
  • Schneider Electric EcoStruxure™ Power SCADA Operation 2020 (PSO) – Advanced Reporting and Dashboards Module All Versions: EcoStruxure™ Power SCADA Operation 2020 (PSO) – Advanced Reporting and Dashboards Module is at its end-of-life support. Users should consider upgrading to the latest version offering of EPO to resolve this issue. Please contact Schneider Electric Customer Care Center for more details.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

  • January 14, 2025: Initial Publication

Belledonne Communications Linphone-Desktop


1. EXECUTIVE SUMMARY

  • CVSS v4 8.7
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Belledonne Communications
  • Equipment: Linphone-Desktop
  • Vulnerability: NULL Pointer Dereference

2. RISK EVALUATION

Successful exploitation of this vulnerability could result in a remote attacker causing a denial-of-service condition on the affected devices.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following version of Linphone-Desktop is affected:

  • Linphone-Desktop: Version 5.2.6

3.2 VULNERABILITY OVERVIEW

3.2.1 NULL POINTER DEREFERENCE CWE-476

The affected product is vulnerable to a NULL Dereference vulnerability, which could allow a remote attacker to create a denial-of-service condition.

CVE-2025-0430 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

A CVSS v4 score has also been calculated for CVE-2025-0430. A base score of 8.7 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Communications
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: France

3.4 RESEARCHER

Vera Mens of Claroty Research – Team82 reported this vulnerability to CISA.

4. MITIGATIONS

Belledonne Communications recommends users implement the fix in Version 5.3.99 of the linphone-sdk.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

  • January 14, 2025: Initial Publication

Hitachi Energy FOX61x Products


1. EXECUTIVE SUMMARY

  • CVSS v3 4.9
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Hitachi Energy
  • Equipment: FOX61x Products
  • Vulnerability: Relative Path Traversal

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to traverse the file system to access files or directories that would otherwise be inaccessible.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Hitachi Energy reports the following products are affected:

  • Hitachi Energy FOX61x: R15A and prior
  • Hitachi Energy FOX61x: R15B
  • Hitachi Energy FOX61x: R16A
  • Hitachi Energy FOX61x: R16B Revision E

3.2 VULNERABILITY OVERVIEW

3.2.1 RELATIVE PATH TRAVERSAL CWE-23

Hitachi Energy is aware of a vulnerability that affects the FOX61x. If exploited, an attacker could traverse the file system to access files or directories that would otherwise be inaccessible.

CVE-2024-2461 has been assigned to this vulnerability. A CVSS v3 base score of 4.9 has been assigned; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Switzerland

3.4 RESEARCHER

Hitachi Energy PSIRT reported this vulnerability to CISA.

4. MITIGATIONS

Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • FOX61x R16B Revision E (cesm3_r16b04_02, cesne_r16b04_02 and f10ne_r16b04_02) and older: Update to FOX61x R16B Revision G, Version (cesm3_r16b04_07, cesne_r16b04_07, f10ne_r16b04_07) and apply general mitigation factors. (Hitachi Energy recommends that users apply the update at the earliest convenience).
  • FOX61x R15B: Recommended to update to FOX61X R16B Revision G, (cesm3_r16b04_07, cesne_r16b04_07, f10ne_r16b04_07) and apply general mitigation factors.
  • FOX61x R15A and older including all subversions, FOX61x R16A: EOL versions – no remediation will be available. Recommended to update to FOX61X R16B Revision G, (cesm3_r16b04_07, cesne_r16b04_07, f10ne_r16b04_07) and apply general mitigation factors.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

  • January 16, 2025: Initial Publication

Schneider Electric Data Center Expert


1. EXECUTIVE SUMMARY

  • CVSS v3 7.2
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Schneider Electric
  • Equipment: Data Center Expert
  • Vulnerabilities: Improper Verification of Cryptographic Signature, Missing Authentication for Critical Function

2. RISK EVALUATION

Exploitation of these vulnerabilities could allow an attacker to expose private data or achieve remote code execution.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Schneider Electric reports that the following products are affected:

  • Schneider Electric Data Center Expert: 8.1.1.3 and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347

An improper verification of cryptographic signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root.

CVE-2024-8531 has been assigned to this vulnerability. A CVSS v3 base score of 7.2 has been assigned; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

3.2.2 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306

A missing authentication for critical function vulnerability exists that could cause exposure of private data when an already generated “logcaptures” archive is accessed directly by HTTPS.

CVE-2024-8530 has been assigned to this vulnerability. A CVSS v3 base score of 5.9 has been assigned; the CVSS vector string is (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: France

3.4 RESEARCHER

Schneider Electric CPCERT reported these vulnerabilities to CISA.

Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.

4. MITIGATIONS

Schneider Electric has identified the following specific workarounds and mitigations users can apply to reduce risk:

Version 8.2 of EcoStruxure™ IT Data Center Expert includes fixes for these vulnerabilities and is available upon request from Schneider Electric’s Customer Care Center.

Additionally, Schneider Electric recommends that users:

  • Ensure the principles of least privilege are being followed so that only those with need have account access and that the level of their respective account authorization aligns with their role, including Privileged Accounts as described in the Data Center Expert Security Handbook.
  • Verify SHA1 checksums of upgrade bundles prior to executing upgrades as described in the Upgrades section of the Data Center Expert Security Handbook.
  • Delete any existing “logcapture” archives present on the system and do not create any new “logcapture” archives. Existing archives can be deleted from the https://server_ip/capturelogs web page after authenticating.
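
The checksum step above can be enforced as a gate that refuses the upgrade unless the bundle's SHA-1 equals the published value. This is an added example, not Schneider Electric's procedure or tooling; the function names, the accepted digest formatting and the three-byte sample bundle are constructed for illustration.

```python
import hashlib
import hmac
import os
import re
import tempfile

_SHA1_HEX = re.compile(r"[0-9a-f]{40}")


def normalise_published_sha1(text):
    """Accept a digest as copied from a document: optional label, spaces, mixed case."""
    cleaned = re.sub(r"^\s*sha-?1\s*[:=]?", "", text, flags=re.IGNORECASE)
    cleaned = re.sub(r"[\s:]", "", cleaned).lower()
    if not _SHA1_HEX.fullmatch(cleaned):
        raise ValueError("published value is not a 40-hex-digit SHA-1 digest")
    return cleaned


def sha1_of_file(path, chunk_size=1 << 20):
    """Stream the bundle so large upgrade files are not loaded into memory."""
    digest = hashlib.sha1()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def gate_upgrade(path, published):
    """Return (ok, reason); the caller starts the upgrade only when ok is True."""
    try:
        expected = normalise_published_sha1(published)
    except ValueError as err:
        return False, f"malformed reference digest: {err}"
    if not os.path.isfile(path):
        return False, "bundle not found"
    if os.path.getsize(path) == 0:
        return False, "bundle is empty"
    actual = sha1_of_file(path)
    # The reference value must come from a source the bundle's sender cannot
    # alter; a digest shipped alongside the file proves nothing.
    if hmac.compare_digest(actual, expected):
        return True, "digest matches"
    return False, f"digest mismatch: computed {actual}"


def _demo():
    """Run the gate on a constructed bundle, then on a modified copy of it."""
    published = "SHA1: A999 3E36 4706 816A BA3E 2571 7850 C26C 9CD0 D89D"
    results = []
    with tempfile.TemporaryDirectory() as workdir:
        bundle = os.path.join(workdir, "upgrade_bundle.bin")  # constructed name
        with open(bundle, "wb") as handle:
            handle.write(b"abc")  # constructed contents matching `published`
        results.append(gate_upgrade(bundle, published))
        with open(bundle, "ab") as handle:
            handle.write(b"\n#!/bin/bash\n")  # any change alters the digest
        results.append(gate_upgrade(bundle, published))
    return results


if __name__ == "__main__":
    for ok, reason in _demo():
        print("PROCEED" if ok else "REFUSE", "-", reason)
```
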

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY

  • January 16, 2025: Initial Publication

Siemens SIPROTEC 5 Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).


1. EXECUTIVE SUMMARY

  • CVSS v4 7.1
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Siemens
  • Equipment: SIPROTEC 5
  • Vulnerability: Files or Directories Accessible to External Parties

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an authenticated remote attacker to read arbitrary files or the entire filesystem of the device.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens reports that the following products are affected:

  • Siemens SIPROTEC 5 6MD84 (CP300): Versions prior to 9.80
  • Siemens SIPROTEC 5 7SA87 (CP300): Versions 7.80 up to but not including 9.80
  • Siemens SIPROTEC 5 7SD82 (CP100): Versions 7.80 and after
  • Siemens SIPROTEC 5 7SD82 (CP150): Versions prior to 9.80
  • Siemens SIPROTEC 5 7SD86 (CP300): Versions 7.80 up to but not including 9.80
  • Siemens SIPROTEC 5 7SD87 (CP300): Versions 7.80 up to but not including 9.80
  • Siemens SIPROTEC 5 7SJ81 (CP100): Versions 7.80 and after
  • Siemens SIPROTEC 5 7SJ81 (CP150): Versions prior to 9.80
  • Siemens SIPROTEC 5 7SJ82 (CP100): Versions 7.80 and after
  • Siemens SIPROTEC 5 7SJ82 (CP150): Versions prior to 9.80
  • Siemens SIPROTEC 5 7SJ85 (CP300): Versions 7.80 up to but not including 9.80
  • Siemens SIPROTEC 5 6MD85 (CP300): Versions 7.80 up to but not including 9.80
  • Siemens SIPROTEC 5 7SJ86 (CP300): Versions 7.80 up to but not including 9.80
  • Siemens SIPROTEC 5 7SK82 (CP100): Versions 7.80 and after
  • Siemens SIPROTEC 5 7SK82 (CP150): Versions prior to 9.80
  • Siemens SIPROTEC 5 7SK85 (CP300): Versions 7.80 up to but not including 9.80
  • Siemens SIPROTEC 5 7SL82 (CP100): Versions 7.80 and after
  • Siemens SIPROTEC 5 7SL82 (CP150): Versions prior to 9.80
  • Siemens SIPROTEC 5 7SL86 (CP300): Versions 7.80 up to but not including 9.80
  • Siemens SIPROTEC 5 7SL87 (CP300): Versions 7.80 up to but not including 9.80
  • Siemens SIPROTEC 5 7SS85 (CP300): Versions 7.80 up to but not including 9.80
  • Siemens SIPROTEC 5 7ST85 (CP300): All versions
  • Siemens SIPROTEC 5 6MD86 (CP300): Versions 7.80 up to but not including 9.80
  • Siemens SIPROTEC 5 7ST86 (CP300): Versions prior to 9.80
  • Siemens SIPROTEC 5 7SX82 (CP150): Versions prior to 9.80
  • Siemens SIPROTEC 5 7SX85 (CP300): Versions prior to 9.80
  • Siemens SIPROTEC 5 7SY82 (CP150): Versions prior to 9.80
  • Siemens SIPROTEC 5 7UM85 (CP300): Versions 7.80 up to but not including 9.80
  • Siemens SIPROTEC 5 7UT82 (CP100): Versions 7.80 and after
  • Siemens SIPROTEC 5 7UT82 (CP150): Versions prior to V9.80
  • Siemens SIPROTEC 5 7UT85 (CP300): Versions 7.80 up to but not including 9.80
  • Siemens SIPROTEC 5 7UT86 (CP300): Versions 7.80 up to but not including 9.80
  • Siemens SIPROTEC 5 7UT87 (CP300): Versions 7.80 up to but not including 9.80
  • Siemens SIPROTEC 5 6MD89 (CP300): Versions 7.80 and after
  • Siemens SIPROTEC 5 7VE85 (CP300): Versions 7.80 up to but not including 9.80
  • Siemens SIPROTEC 5 7VK87 (CP300): Versions 7.80 up to but not including 9.80
  • Siemens SIPROTEC 5 7VU85 (CP300): Versions prior to 9.80
  • Siemens SIPROTEC 5 Compact 7SX800 (CP050): Versions prior to 9.80
  • Siemens SIPROTEC 5 6MU85 (CP300): Versions 7.80 up to but not including 9.80
  • Siemens SIPROTEC 5 7KE85 (CP300): Versions 7.80 up to but not including 9.80
  • Siemens SIPROTEC 5 7SA82 (CP100): Versions 7.80 and after
  • Siemens SIPROTEC 5 7SA82 (CP150): Versions prior to 9.80
  • Siemens SIPROTEC 5 7SA86 (CP300): Versions 7.80 up to but not including 9.80

3.2 VULNERABILITY OVERVIEW

3.2.1 FILES OR DIRECTORIES ACCESSIBLE TO EXTERNAL PARTIES CWE-552

Affected devices do not properly limit the path accessible via their webserver. This could allow an authenticated remote attacker to read arbitrary files from the filesystem of affected devices.

CVE-2024-53649 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2024-53649. A base score of 7.1 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

Siemens ProductCERT reported this vulnerability to CISA.

4. MITIGATIONS

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • SIPROTEC 5 6MD89 (CP300), SIPROTEC 5 7SA82 (CP100), SIPROTEC 5 7SD82 (CP100), SIPROTEC 5 7SJ81 (CP100), SIPROTEC 5 7SJ82 (CP100), SIPROTEC 5 7SK82 (CP100), SIPROTEC 5 7SL82 (CP100), SIPROTEC 5 7ST85 (CP300), SIPROTEC 5 7UT82 (CP100): Currently no fix is available
  • SIPROTEC 5 Compact 7SX800 (CP050): Update to V9.80 or later version
  • SIPROTEC 5 6MD84 (CP300): Update to V9.80 or later version
  • SIPROTEC 5 7SA82 (CP150), SIPROTEC 5 7SD82 (CP150), SIPROTEC 5 7SL82 (CP150), SIPROTEC 5 7SA86 (CP300), SIPROTEC 5 7SA87 (CP300), SIPROTEC 5 7SD86 (CP300), SIPROTEC 5 7SD87 (CP300), SIPROTEC 5 7SJ86 (CP300), SIPROTEC 5 7SL86 (CP300), SIPROTEC 5 7SL87 (CP300) and SIPROTEC 5 7VK87 (CP300): Update to V9.80 or later version
  • SIPROTEC 5 7SJ81 (CP150), SIPROTEC 5 7SJ82 (CP150), and SIPROTEC 5 7SJ85 (CP300): Update to V9.80 or later version
  • SIPROTEC 5 7SK82 (CP150) and SIPROTEC 5 7SK85 (CP300): Update to V9.80 or later version
  • SIPROTEC 5 7ST86 (CP300): Update to V9.80 or later version
  • SIPROTEC 5 7SX82 (CP150) and SIPROTEC 5 7SX85 (CP300): Update to V9.80 or later version
  • SIPROTEC 5 7SY82 (CP150): Update to V9.80 or later version
  • SIPROTEC 5 7UT82 (CP150), SIPROTEC 5 7UT85 (CP300), SIPROTEC 5 7UT86 (CP300), and SIPROTEC 5 7UT87 (CP300): Update to V9.80 or later version
  • SIPROTEC 5 7VU85 (CP300): Update to V9.80 or later version
  • SIPROTEC 5 6MD85 (CP300) and SIPROTEC 5 6MD86 (CP300): Update to V9.80 or later version
  • : Update to V9.80 or later version
  • SIPROTEC 5 6MU85 (CP300): Update to V9.80 or later version
  • SIPROTEC 5 7KE85 (CP300): Update to V9.80 or later version
  • SIPROTEC 5 7SS85 (CP300): Update to V9.80 or later version
  • SIPROTEC 5 7UM85 (CP300): Update to V9.80 or later version
  • SIPROTEC 5 7VE85 (CP300): Update to V9.80 or later version
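
One way to triage a relay inventory against the version ranges and fixes listed above (an added example, not Siemens or CISA tooling). The table holds only six of the advisory's rows; the inventory CSV, its column names, the `7XX99` model and the status strings are constructed for illustration.

```python
import csv
import io
import re

# Six rows copied from the advisory's lists above (not the full table):
# (model, CPU) -> (affected-range shape, fix released per the mitigations list)
ROWS = {
    ("7SJ81", "CP100"): ("from_7.80", False),
    ("7SJ81", "CP150"): ("before_9.80", True),
    ("7SJ85", "CP300"): ("7.80_to_9.80", True),
    ("7ST85", "CP300"): ("all", False),
    ("6MD89", "CP300"): ("from_7.80", False),
    ("7SX800", "CP050"): ("before_9.80", True),
}
LOW, FIXED = (7, 80), (9, 80)  # V7.80 and V9.80 from the advisory text

# Constructed inventory export; asset names and column names are assumptions.
INVENTORY = """asset,model,cpu,firmware
feeder-01,7SJ85,CP300,V8.83
feeder-02,7SJ85,CP300,V9.80
feeder-03,7SJ85,CP300,V7.59
feeder-04,7SJ81,CP100,V9.80
feeder-05,7SJ81,CP150,V7.30
trans-01,7ST85,CP300,unknown
bay-01,7SX800,CP050,latest
bay-02,7XX99,CP300,V9.80
"""

def parse_version(text):
    """'V9.80', '8.83' or 'V9.80.01' -> tuple of ints; None if unparseable."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)+)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def in_range(shape, v):
    """Evaluate one of the three bounded range shapes the advisory uses."""
    if shape == "from_7.80":      # "Versions 7.80 and after"
        return v >= LOW
    if shape == "before_9.80":    # "Versions prior to 9.80"
        return v < FIXED
    return LOW <= v < FIXED       # "7.80 up to but not including 9.80"

def assess(model, cpu, firmware):
    row = ROWS.get((model.strip().upper(), cpu.strip().upper()))
    if row is None:
        return "not-in-table"     # consult the full advisory list
    shape, fix_released = row
    if shape != "all":
        v = parse_version(firmware)
        if v is None:
            return "review-manually"  # never assume an unknown version is safe
        if not in_range(shape, v):
            return "not-affected"
    return "update-to-V9.80" if fix_released else "no-fix-restrict-network-access"

def triage(inventory_csv):
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {r["asset"]: assess(r["model"], r["cpu"], r["firmware"]) for r in reader}

if __name__ == "__main__":
    for asset, status in triage(INVENTORY).items():
        print(f"{asset:10} {status}")
```

Rows marked as having no fix stay affected on V9.80 and later, so those devices depend on the network-access mitigations rather than on a firmware update.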

Operators of critical power systems (e.g. TSOs or DSOs) worldwide are usually required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. Siemens therefore recommends that operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid’s reliability can thus be minimized by virtue of the grid design.

Siemens strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens strongly recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment.

As a general security measure, Siemens strongly recommends protecting network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN). It is advised to configure the environment according to Siemens’ operational guidelines in order to run the devices in a protected IT environment.

Recommended security guidelines can be found here.

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

For more information see the associated Siemens security advisory SSA-194557 in HTML and CSAF.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

  • January 16, 2025: Initial Publication

Fuji Electric Alpha5 SMART

1. EXECUTIVE SUMMARY

  • CVSS v4 8.5
  • ATTENTION: Low attack complexity
  • Vendor: Fuji Electric
  • Equipment: Alpha5 SMART
  • Vulnerability: Stack-based Buffer Overflow

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Fuji Electric Alpha5 SMART, a servo drive system, are affected:

  • Alpha5 SMART: Versions 4.5 and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121

The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.

CVE-2024-34579 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2024-34579. A base score of 8.5 has been calculated; the CVSS vector string is (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Japan

3.4 RESEARCHER

An anonymous researcher working with Trend Micro’s Zero Day Initiative reported this vulnerability to CISA.

4. MITIGATIONS

Fuji Electric has indicated that the vulnerabilities will not be fixed in Alpha5 SMART. Fuji Electric recommends users upgrade their systems to Alpha7.

For assistance, reach out directly to Fuji Electric’s support team.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

5. UPDATE HISTORY

  • January 16, 2025: Initial Publication

Siemens Siveillance Video Camera

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

1. EXECUTIVE SUMMARY

  • CVSS v4 5.2
  • ATTENTION: Exploitable locally
  • Vendor: Siemens
  • Equipment: Siveillance Video Camera Drivers
  • Vulnerability: Insertion of Sensitive Information into Log File

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow a local attacker to read camera credentials stored in the Recording Server under specific conditions.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens reports that the following products are affected:

  • Siveillance Video Device Pack: Versions prior to V13.5

3.2 VULNERABILITY OVERVIEW

3.2.1 INSERTION OF SENSITIVE INFORMATION INTO LOG FILE CWE-532

Disclosure of sensitive information in HikVision camera driver’s log file in XProtect Device Pack allows an attacker to read camera credentials stored in the Recording Server under specific conditions.

CVE-2024-12569 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2024-12569. A base score of 5.2 has been calculated; the CVSS vector string is (CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities, Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

Siemens ProductCERT reported this vulnerability to CISA.

4. MITIGATIONS

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • Ensure that only trusted people get local access to the driver log files on the Recording Server.
  • Update to V13.5 or later version.

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

For more information see the associated Siemens security advisory SSA-404759 in HTML and CSAF.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely. This vulnerability has a high attack complexity.

5. UPDATE HISTORY

  • January 16, 2025: Initial Publication

Siemens Mendix LDAP

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

1. EXECUTIVE SUMMARY

  • CVSS v3 7.4
  • ATTENTION: Exploitable remotely
  • Vendor: Siemens
  • Equipment: Mendix LDAP
  • Vulnerability: LDAP Injection

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to bypass username verification.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens reports that the following products are affected:

  • Siemens Mendix LDAP: All versions prior to 1.1.2

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN LDAP QUERY (‘LDAP INJECTION’) CWE-90

Affected versions of the module are vulnerable to LDAP injection. This could allow an unauthenticated remote attacker to bypass username verification.

CVE-2024-56841 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been assigned; the CVSS vector string is (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
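
What CWE-90 means for a username lookup, as an added illustration that is not code from the Mendix LDAP module (the advisory does not describe where the flaw sits). The filter template, attribute names and username policy below are assumptions; the escaping follows RFC 4515.

```python
import re

# RFC 4515 section 3: these characters must be written as \XX (hex)
# when they appear inside an assertion value of a search filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Hypothetical username policy, applied before any directory query.
_USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")

def escape_filter_value(value):
    """Neutralize filter metacharacters one character at a time."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def naive_filter(username):
    # Weak form: caller-supplied text is pasted in and parsed as filter syntax.
    return f"(&(objectClass=person)(uid={username}))"

def safe_filter(username):
    # Hardened form: the value can no longer add wildcards or sub-filters.
    return f"(&(objectClass=person)(uid={escape_filter_value(username)}))"

def filter_shape(ldap_filter):
    """Structural fingerprint: counts of '(' , ')' and '*' left as syntax.
    Escaped values contain none of them, so the shape must stay constant."""
    return tuple(ldap_filter.count(ch) for ch in "()*")

def lookup_filter(username):
    """Defense in depth: reject names outside the policy, then escape anyway."""
    if not _USERNAME_RE.fullmatch(username):
        raise ValueError("username rejected by policy")
    return safe_filter(username)

if __name__ == "__main__":
    baseline = filter_shape(safe_filter("alice"))
    for sample in ["alice", "*", "a)(b", "back\\slash"]:  # constructed inputs
        naive_ok = filter_shape(naive_filter(sample)) == baseline
        safe_ok = filter_shape(safe_filter(sample)) == baseline
        print(f"{sample!r:14} naive keeps shape: {naive_ok}  escaped keeps shape: {safe_ok}")
```

The shape check works as a regression test: for any input, the escaped filter must have the same structure as the filter built from an ordinary name.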

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities, Critical Manufacturing, Energy
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

Siemens reported this vulnerability to CISA.

4. MITIGATIONS

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

For more information see the associated Siemens security advisory SSA-314390 in HTML and CSAF.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability has a high attack complexity.

5. UPDATE HISTORY

  • January 16, 2025: Initial Publication