The US Information Security and Infrastructure Agency (CISA), previously known for problems on the Adobe package, has released Tuesday eight alerts on industrial control systems (ICS), warning of serious defects affecting equipment from Delta Electronics and Rockwell Automation.
This set of issues includes as many as 13 security vulnerabilities in Delta Electronics’ InfraSuite Device Master real-time device monitoring software. All versions prior to 1.0.5 are affected by the issues.
What does CISA tell us about it?
“Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to gain access to files and credentials, elevate privileges, and remotely execute malicious code“, has said CISA.
At the top of the list there is CVE-2023-1133 (CVSS score: 9.8), a serious flaw that results from the InfraSuite Device Master accepting unverified UDP packets and deserialize the contentthereby allowing an unauthenticated remote attacker to execute arbitrary code.
CISA warned that two other deserialization bugs, viz CVE-2023-1139 (CVSS score: 8.8) e CVE-2023-1145 (CVSS score: 7.8), may have been used to achieve remote execution of malicious code.
Piotr Bazydlo and another anonymous security researcher were credited with discovering and reporting the deficiencies to CISA.
Another set of vulnerabilities relates to Rockwell Automation’s ThinManager ThinServer e affects the following versions of the thin client and remote desktop protocol (RDP) management software:
- 6.x – 10.x
- 11.0.0 – 11.0.5
- 11.1.0 – 11.1.5
- 11.2.0 – 11.2.6
- 12.0.0 – 12.0.4
- 12.1.0 – 12.1.5
- 13.0.0 – 13.0.1
And that’s not all: the most serious problems concern two path crossing faults identified as CVE-2023-28755 (CVSS score: 9.8) e CVE-2023-28756 (CVSS score: 7.5) that they might allow a remote (and even unauthenticated) attacker to upload malicious files to the directory where ThinServer.exe is installed.
Even more worrying, our hypothetical bad guy may use CVE-2023-28755 to overwrite existing executable files with Trojanized versions, potentially leading to remote (malicious) code execution.
“Successful exploit, via these vulnerabilities, could allow an attacker to remotely execute code on the target system/device or crash the software“, has declared the CISA.
Users are invited to update to versions 11.0.6, 11.1.6, 11.2.7, 12.0.5, 12.1.6 and 13.0.2 to avoid potential cyber threats, moreover the 6.x – 10.x versions of ThinManager ThinServers have been retired, which requires users to upgrade to a supported version.
As a workaround, it is also recommended to limit remote access to port 2031/TCP to known thin clients and ThinManager servers.
The disclosure comes more than six months after CISA did reported a high-severity buffer overflow vulnerability in Rockwell Automation ThinManager ThinServer (CVE-2022-38742CVSS score: 8.1) which could lead to arbitrary remote code execution.
Don’t upgrade: a die-hard habit
Unfortunately, in the minds of many people there is the fact that “if you update, then it goes wrong” (which is not only not always true, but more and more false over the years).
If we add to this the fact that many people rest on their laurels, because they get used to a certain version: it is quite clear that there are two elements that cause an omelet of considerable computer damage.
Unfortunately bad computer habits they are among the hardest to die ever, it doesn’t matter that high-level institutions such as Microsoft, Google, Apple or CISA itself warn of a potential danger, many users think they are clever and find themselves with the most disparate problems.
Evidently it would be appropriate to start listening to those who do this as a profession, avoiding doing their own thing.
#CISA #vulnerability #industrial #control #systems