Attacks and Vulnerabilities
CISA
Critical infrastructure
ICS Security Framework
Industries
OT Network security
Vendors

CISA reveals ICS hardware vulnerabilities across Siemens RUGGEDCOM ROX, SIMATIC, Rockwell Automation equipment

July 18, 2023
CISA reveals ICS hardware vulnerabilities across Siemens RUGGEDCOM ROX, SIMATIC, Rockwell Automation equipment

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued several security advisories on Thursday addressing vulnerabilities in industrial control systems (ICS) typically used across critical infrastructure sectors. The agency revealed the presence of hardware vulnerabilities across Siemens and Rockwell Automation equipment. It also released notices of hardware vulnerabilities across various Siemens product lines, including SIMATIC MV500, SIMATIC CN 4100, RUGGEDCOM ROX, and SiPass Integrated.

CISA revealed the presence of cross-site scripting and authentication bypass vulnerabilities in the Rockwell Automation equipment deployed globally across the critical manufacturing sector. Rockwell Automation PowerMonitor 1000: V4.011 is affected by these vulnerabilities.  

“Successful exploitation of this vulnerability could allow an attacker to achieve remote code execution and potentially the complete loss of confidentiality, integrity, and availability of the product”, CISA said in its advisory. “The PowerMonitor 1000 contains stored cross-site scripting vulnerabilities within the web page of the product. The vulnerable pages do not require privileges to access and can be injected with code by an attacker, leading to a loss of data integrity.”

CISA advises users to take defensive steps to reduce the risk of exploiting this vulnerability. Users should upgrade to the latest version of V4.019, which has been patched to mitigate these issues. They must also isolate control system networks and remote devices from corporate networks by placing them behind firewalls.

In another advisory, CISA identified the presence of classic buffer overflows, cross-site request forgeries, inadequate encryption strength, risky cryptographic algorithms and many other vulnerabilities across Siemens RUGGEDCOM Rox products. “Successful exploitation of these vulnerabilities could allow an attacker to send a malformed HTTP packet” . 

All versions before V2.16.0 of Siemens RUGGEDCOM ROX are vulnerable to the use of a broken cryptographic algorithm, according to the advisory. “The exploitation of these vulnerabilities can cause certain functions to fail, achieve a man-in-the-middle attack, or arbitrary code execution,” it added.

Siemens reported this vulnerability to CISA. Also, Siemens recommends Octet-counted framing for experts to lower their risk of the buffer overflow vulnerability and update their products to the latest patch, as the vulnerability was fixed in V2.16.0 or later versions.

CISA also revealed that Siemens SIMATIC MV500 series included exposure of sensitive information, missing release of memory after effective lifetime, injection, inadequate encryption strength, and improper input validation vulnerabilities. The agency said that exploitation of these vulnerabilities could allow an attacker to read memory contents, disclose information, or cause a denial-of-service condition.

“An information leak was found in NFS over RDMA in net/sunrpc/xprtrdma/rpc_rdma.c in the Linux kernel. This flaw allows an attacker with normal user privileges to leak kernel information,” said CISA in its notice. Siemens released an update for the SIMATIC MV500 series family and recommends updating to the latest version. It also identified specific workarounds and mitigations that users can apply to reduce risk, including not accessing links from untrusted sources and only from trusted IP addresses.

CISA reported that Siemens’ SIMATIC CN 4100 equipment could expose sensitive information due to improper access control and incorrect permissions. The exploitation of this vulnerability could allow an attacker to gain access to sensitive information and bypass network isolation.

Deployed across multiple critical infrastructure sectors, CISA said in its advisory that “Affected devices consist of improper access controls in the configuration files that could lead to privilege escalation. An attacker could gain admin access with this vulnerability, leading to complete device control.” Michael Klassen and Martin Floeck of the BASF Security Team reported these vulnerabilities to Siemens.

Siemens called upon users to update to V2.5 or a later version. Siemens advises implementing suitable mechanisms to safeguard network access to devices as a fundamental security measure. To ensure secure operation of the devices within an IT environment, it is recommended to configure the environment in accordance with Siemens’ operational guidelines for industrial security and adhere to the recommendations outlined in the product manuals.

Siemens’ SiPass Integrated equipment was found to contain improper input validation vulnerability. The exploitation of this vulnerability could allow an attacker to disclose sensitive information, execute code in the context of the current process, or crash the application, causing a denial-of-service condition. Siemens has released update V2.90.3.8 for SiPass integrated and recommends updating to the latest version.

On the most recent set of CISA ICS advisories, was Honeywell’s Experion PKS, LX, and PlantCruise systems. Several hardware vulnerabilities were discovered, including heap-based buffer overflow, stack-based buffer overflow, out-of-bounds write, uncontrolled resource consumption, improper output encoding or escaping, deserialization of untrusted data, improper input validation, and incorrect comparison. Once again, CISA called upon users to update to the latest versions of the affected equipment. 

Industrial Cyber News Desk
Industrial Cyber News Desk

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Securing cloud, IIoT in Industry 4.0 emerges crucial for protecting industrial operations across OT/ICS environments
Securing cloud, IIoT in Industry 4.0 emerges crucial for protecting industrial operations across OT/ICS environments
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
MITRE's CREF Navigator aligns with DoD's CMMC to boost cyber resilience in defense industrial base
MITRE’s CREF Navigator aligns with DoD’s CMMC to boost cyber resilience in defense industrial base
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation