New vulnerabilities found in industrial control systems of major vendors

The US Cybersecurity and Infrastructure Security Agency has revealed new vulnerabilities in industrial systems from leading vendors including Siemens, Delta Electronics, Hitachi and Rockwell.

Shweta Sharma (CSO (US))

The US Cybersecurity and Infrastructure Security Agency (CISA) has this week issued advisories on 49 vulnerabilities in eight industrial control systems (ICS) that are used across multiple critical infrastructure sectors.

The vulnerabilities identified by CISA were tracked in products from ICS providers including Siemens, Hitachi, Rockwell, Delta Electronics, VISAM, and Keysight.

Many of the vulnerabilities in CISA’s advisory are remotely exploitable, involve low attack complexity, and allow attackers to take control of affected systems, manipulate and modify settings, escalate privileges, bypass security controls, steal data, and crash systems.

Siemens systems have the most vulnerabilities

Twenty-three out of the 49 vulnerabilities in the advisory are in Siemens systems, seven of which are yet-to-be-patched exploits in Siemens’ Ruggedcom APE1808, an industry-grade application processing engine (APE) module. The vulnerabilities in the APE module, which is used to host commercial applications, allow attackers to elevate privileges and compromise system functionalities.

The remaining 17 flaws were present in various third-party dependencies of Siemens’ Scalance W-700 devices, an industry-grade suite of networking and bus systems. These cover products in several critical infrastructure sectors ranging from chemical, energy, and food, to agriculture and manufacturing.

For the Scalance-based exploits, Siemens has urged organisations to update their software to v2.0 or later, and to implement controls for protecting network access to the devices.

Delta Electronics’ InfraSuite Device Master, a critical systems management technology used in the energy sector, has received advisories against 13 new vulnerabilities that can be exploited to trigger denial-of-service conditions or to steal sensitive data.

New vulnerabilities were also found in VISAM’s Vbase Automation technology (7), Rockwell Automation’s ThinManager (3), Keysight N6845A Geolocation Server (1), and Hitachi’s Energy GMS600, PWC600, and Relion products (1).

The CISA advisory coincided with a report from the European Union on threats to the transportation sector that also warned about the potential for ransomware attacks on OT systems used by aviation, maritime, railway, and road transport agencies. At least some of the vulnerable systems in CISA’s advisory pertain to organisations in the transportation sector as well.

Previously isolated, ICS and operational technology (OT) environments are no longer segregated and are now more accessible via the internet. This has made both ICS and OT networks more attractive targets for both financially motivated threat groups and nation-state actors.

Earlier this year, CISA issued a warning regarding multiple vulnerabilities affecting remote access and management systems used by critical infrastructure companies, especially in the energy and transportation sectors, including Sewio, InHand Networks, Sauter Controls, and Siemens.

The latest CISA advisory coincides with a European Union Agency for Cybersecurity (ENISA) report published this week, warning of potential ransomware attacks against OT systems in the EU transport sector. A few of the vulnerabilities reported by CISA can also be exploited in the transport sector.

