Original Release Date: 11/19/2020
The security of critical infrastructure and Industrial Control Systems (ICS) has increasingly become a concern as cybercriminals aim to exploit and degrade these systems in order to disrupt operations. Four ICS firms warned of vulnerabilities ranging from critical to high severity. The Real Time Automation bug, tracing back to a component made by Claroty and discovered in the 499ES ENIP stack (all versions prior to 2.28), exposes the stack to denial-of-service (DoS) attacks and remote code execution. The Paradox bugs, discovered in the IP150 Internet Module, allow buffer overflow attacks and remote code execution. The Johnson Controls Sensormatic Electronics bug, impacting the American Dynamics victor Web Client and Software House C CURE Web Client, involves improper authorization and enables DoS attacks. Finally, the Schneider Electric bugs, found in the Interactive Graphical SCADA System (IGSS), allow remote code execution.
The NJCCIC recommends that critical infrastructure owners and operators apply the respective patches or mitigations after appropriate testing. We also recommend that owners and operators ensure operational technology (OT) environments are segmented from information technology (IT) environments, maintain a comprehensive data backup plan, apply the Principle of Least Privilege, and establish a defense-in-depth cybersecurity strategy, including implementing the ICS-CERT seven strategies to defend ICS. More information can be found in the Threatpost article.