
Critical Infrastructure Alert: Isolate Your ICS

CISA has been taking its Industrial Control System security priority seriously, with over 30 advisories released in the last couple of months.

The most recent advisories cover Advantech R-SeeNet, a router monitoring application, and Hitachi Energy APM Edge, an asset performance tracker specifically for power transformers.

These advisories cover a number of CVEs for each application and, in the case of R-SeeNet, involve the usual scumbag known as remote code execution.

ICSA-22-291-01 – R-SeeNet (Advantech)

Affected Critical Infrastructure Sectors: Critical Manufacturing, Energy, Water and Wastewater Systems

Reported by rgod, working with Trend Micro Zero Day Initiative.

Vulnerabilities:

CVE-2022-3387: “Path traversal attack. An unauthorized attacker could remotely exploit vulnerable PHP code to delete .PDF files.”

CVSS v3 score: 6.5

CVE-2022-3386: “Stack-based buffer overflow. An unauthorized attacker can use an outsized filename to overflow the stack buffer and enable remote code execution.”

CVSS v3 score: 9.8

CVE-2022-3385: “Stack-based buffer overflow. An unauthorized attacker can remotely overflow the stack buffer and enable remote code execution.”

CVSS v3 score: 9.8

Mitigation: Update R-SeeNet to Version 2.4.12 or later.

CISA also recommends minimizing network exposure for all control systems and isolating them from the Internet.
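
Both the path traversal (CVE-2022-3387) and the outsized-filename overflow (CVE-2022-3386) described above come down to trusting a client-supplied file name. The C function below is an added illustration, not Advantech's code or patch and not taken from the advisory: it bounds and validates a name before building a path in a fixed buffer. The function names, the 64-byte limit and the "/var/reports" directory are assumptions made for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_NAME 64 /* assumed policy limit, not a value from the advisory */

enum { NAME_OK = 0, NAME_EMPTY = -1, NAME_TOO_LONG = -2,
       NAME_TRAVERSAL = -3, NAME_BAD_EXT = -4, PATH_TRUNCATED = -5 };

/* Case-insensitive check that the name is "<something>.pdf". */
static int ends_with_pdf(const char *s, size_t n)
{
    static const char ext[] = ".pdf";
    if (n < 5)
        return 0;
    for (size_t i = 0; i < 4; i++)
        if (tolower((unsigned char)s[n - 4 + i]) != ext[i])
            return 0;
    return 1;
}

/* Validate an untrusted file name, then build "<base_dir>/<name>" in out.
 * The name is not copied anywhere until all name checks have passed. */
int build_pdf_path(const char *base_dir, const char *name,
                   char *out, size_t out_len)
{
    size_t n = 0;
    if (name == NULL || name[0] == '\0')
        return NAME_EMPTY;
    while (n <= MAX_NAME && name[n] != '\0') /* bounded length scan */
        n++;
    if (n > MAX_NAME)
        return NAME_TOO_LONG;
    if (strchr(name, '/') || strchr(name, '\\') || strstr(name, ".."))
        return NAME_TRAVERSAL; /* no separators, no parent references */
    if (!ends_with_pdf(name, n))
        return NAME_BAD_EXT;
    int w = snprintf(out, out_len, "%s/%s", base_dir, name);
    if (w < 0 || (size_t)w >= out_len)
        return PATH_TRUNCATED; /* truncation is a failure; do not use out */
    return NAME_OK;
}

int main(void)
{
    char path[128]; /* constructed inputs; "/var/reports" is hypothetical */
    printf("%d\n", build_pdf_path("/var/reports", "status.pdf", path, sizeof path));
    printf("%d\n", build_pdf_path("/var/reports", "../../x.pdf", path, sizeof path));
    return 0;
}
```

Checks like this reduce exposure in code you own; for R-SeeNet itself the remedy remains the vendor update and network isolation stated above.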

ICSA-21-336-06 – APM Edge (Hitachi Energy)

Affected Critical Infrastructure Sectors: Energy

Reported by Hitachi Energy

Vulnerabilities:

Reliance on Uncontrolled Component (CWE-1357): Because APM Edge uses a number of open-source software components, a successful exploitation could cause the product to become inaccessible.

29 total vulnerabilities are involved in this advisory, with the worst case given a CVSS v3 score of 8.2.

Mitigation: Update APM Edge to v4.0.

Hitachi also recommends certain security practices and firewall configurations. These can be found on the CISA advisory page (linked above) and in Hitachi’s own advisory, which can be downloaded as a PDF from the same CISA page.

Image by American Public Power Association

#CISA #Advisory #Industrial_Control_Systems
