The Cybersecurity and Infrastructure Security Agency (CISA) recently released advisories on critical vulnerabilities in industrial control systems, urging administrators to implement recommended security measures.
Thomas Ricardo - Cyber Analyst Reporter
May 1, 2024

https://www.cybernewscentre.com/plus-content/content/cisa-releases-three-industrial-control-systems-advisories


These vulnerabilities affect software from Delta Electronics, SEW-EURODRIVE, and Unitronics, each presenting unique risks to industrial operations.

Delta Electronics CNCSoft-G2 DOPSoft

Delta Electronics disclosed a significant security flaw in its CNCSoft-G2 DOPSoft, marked by the advisory ICSA-24-121-01. This critical stack-based buffer overflow vulnerability, assigned a CVSS v4 score of 8.5, could potentially allow attackers to execute arbitrary code.

The flaw affects all versions up to 2.0.0.5 with DOPSoft v5.0.0.93 and is caused by improper validation of the length of user-supplied data before it is copied to a fixed-size buffer.

Users are urged to update to version 2.1.0.4 or later. CISA also advises reducing network exposure and updating VPNs for secure remote access.
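The root cause described above (a length taken from the input and never checked against a fixed-size buffer) is easiest to see next to the checks that prevent it. The following is an added example, not code from Delta Electronics or from the advisory; the record layout, buffer size and function name are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_BUF_SIZE 64 /* fixed-size destination buffer (size is an assumption) */

enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LONG = -2 };

/* Hypothetical record layout, constructed for this example:
 *   bytes 0..1  little-endian length N of the field
 *   bytes 2..   N bytes of field data
 * The unsafe pattern is memcpy(buf, rec + 2, N) with N taken from the
 * input and never compared against sizeof buf. */
int parse_field(const uint8_t *rec, size_t rec_len, char out[FIELD_BUF_SIZE])
{
    if (rec == NULL || out == NULL || rec_len < 2)
        return PARSE_TRUNCATED;               /* no room for the length prefix */

    size_t declared = (size_t)rec[0] | ((size_t)rec[1] << 8);

    if (declared >= FIELD_BUF_SIZE)           /* must fit, leaving 1 byte for NUL */
        return PARSE_TOO_LONG;
    if (declared > rec_len - 2)               /* must not exceed bytes present */
        return PARSE_TRUNCATED;

    memcpy(out, rec + 2, declared);
    out[declared] = '\0';
    return PARSE_OK;
}

/* Constructed sample records. */
static const uint8_t sample_ok[]        = { 0x05, 0x00, 'P', 'U', 'M', 'P', '1' };
static const uint8_t sample_oversized[] = { 0xFF, 0x00, 'A' };      /* claims 255 bytes */
static const uint8_t sample_short[]     = { 0x10, 0x00, 'A', 'B' }; /* claims 16, has 2 */

int main(void)
{
    char out[FIELD_BUF_SIZE];
    printf("ok: %d\n", parse_field(sample_ok, sizeof sample_ok, out));
    printf("oversized: %d\n", parse_field(sample_oversized, sizeof sample_oversized, out));
    printf("short: %d\n", parse_field(sample_short, sizeof sample_short, out));
    return 0;
}
```

Both checks are needed: the first protects the destination buffer, the second stops the copy from reading past the end of the input.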

SEW-EURODRIVE MOVITOOLS MotionStudio

SEW-EURODRIVE issued an update for MOVITOOLS MotionStudio software due to a vulnerability allowing improper access to XML data, detailed in advisory ICSA-24-016-01.

With a CVSS v3 score of 5.6, the flaw involves inadequate restriction of XML External Entity (XXE) references, potentially leading to sensitive file exposure.

The issue, discovered by Trend Micro’s Zero Day Initiative, affects version 6.5.0.2. Users are advised to block outgoing TCP connections from "SEWManager.exe" and to update to version 6.70 as soon as possible.

Unitronics Vision Legacy Series

Unitronics released an update for its Vision Legacy series PLCs, particularly critical for water and wastewater infrastructures. Advisory ICSA-24-109-01 outlines a severe risk where passwords are stored in a recoverable format, enabling attackers to access PLC functions remotely.

This vulnerability affects several models, including Vision 230 and Vision 280, with a high severity CVSS v4 score of 8.7. Unitronics advises users to change default passwords and implement multi-factor access controls, particularly restricting Ethernet access to PLCs.

In response to these vulnerabilities, CISA emphasises the importance of minimising network exposure and employing secure remote access methods such as VPNs.

Additionally, they recommend conducting thorough impact analysis and risk assessments to safeguard industrial control systems against potential cyber-attacks.

These advisories reflect the ongoing challenges in cybersecurity for industrial environments and underscore the critical need for continuous vigilance and proactive security measures. CISA continues to offer guidance and resources to help protect these essential systems.
