Friday, March 29, 2024
HomeSECURITYCISA warns of critical vulnerabilities in industrial control systems of several major...

CISA warns of critical vulnerabilities in industrial control systems of several major electronics vendors

-


CISA warns of critical vulnerabilities in industrial control systems of several major electronics vendors

Delta Electronics and Rockwell Automation software is at risk.

U.S. Agency for Cybersecurity and Infrastructure Security (CISA) this Tuesday released eight advisory documents on industrial control systems (ICS). Two documents are particularly interesting because they describe vulnerabilities affecting software from major electronics manufacturers and suppliers, Delta Electronics and Rockwell Automation.

Reference document under id ICSA-23-080-02 contains information about 13 security vulnerabilities in Delta Electronics’ InfraSuite Device Master, real-time device monitoring software. The problems affect all versions of the program up to 1.0.5.

“Successfully exploiting these vulnerabilities could allow an unauthorized attacker to access files and credentials, escalate privileges, and remotely execute arbitrary code,” says in the CISA message.

Vulnerability at the top of the list CVE-2023-1133 (CVSS score: 9.8) caused by the InfraSuite Device Master receiving unverified UDP packets and deserializes their contents, thereby allowing a remote unauthorized attacker to execute arbitrary code.

Two other deserialization vulnerabilities, CVE-2023-1139 (CVSS score: 8.8) and CVE-2023-1145 (CVSS score: 7.8) can also be used for remote code execution.

Another set of vulnerabilities, detailed in the advisory document under ID ICSA-23-080-06 refers to ThinManager ThinServer by Rockwell Automation and affects the following versions of thin client and remote desktop protocol management software (RDP):

  • 6.x – 10.x
  • 11.0.0 – 11.0.5
  • 11.1.0 – 11.1.5
  • 11.2.0 – 11.2.6
  • 12.0.0 – 12.0.4
  • 12.1.0 – 12.1.5 and
  • 13.0.0 – 13.0.1

The most serious of the problems are two path traversal vulnerabilities tracked as CVE-2023-28755 (CVSS score: 9.8) and CVE-2023-28756 (CVSS score: 7.5). They can allow a remote unauthorized attacker to upload arbitrary files to the directory where ThinServer.exe is installed.

More worryingly, an attacker can use CVE-2023-28755 to overwrite existing executable files with Trojan versions, which can also lead to remote code execution.

“Successfully exploiting these vulnerabilities could allow an attacker to remotely execute code on the target system/device or cause software to fail,” CISA notes.

Users are advised to upgrade to versions 11.0.6, 11.1.6, 11.2.7, 12.0.5, 12.1.6 and 13.0.2 to mitigate potential threats. ThinManager ThinServer versions 6.x-10.x are outdated and users need to upgrade to the latest version.



Source link

www.securitylab.ru

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular