Thursday, January 16, 2025
HomeCyber Security NewsCISA Issues 10 New Advisories on Industrial Control System Vulnerabilities

CISA Issues 10 New Advisories on Industrial Control System Vulnerabilities

Published on

SIEM as a Service

Follow Us on Google News

The Cybersecurity and Infrastructure Security Agency (CISA) has issued ten critical advisories, highlighting vulnerabilities across Siemens’ industrial products.

Released on December 12, 2024, these advisories expose multiple flaws in Siemens’ hardware and software platforms critical to industrial control systems (ICS).

These vulnerabilities, if exploited, could lead to unauthorized access, code execution, denial-of-service, and other severe risks, making it imperative for organizations to strengthen their cybersecurity posture.

Below is a comprehensive summary of the advisories and associated Common Vulnerabilities and Exposures (CVEs), complete with links to additional information for each vulnerability.

2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide

ICSA-24-347-01: Siemens CPCI85 Central Processing/Communication

CVE-2024-53832: Insufficiently Protected Credentials

The vulnerability affects Siemens CPCI85 products due to an unencrypted SPI bus connection. Attackers with physical access could observe authentication passwords and decrypt firmware files. While this vulnerability poses a moderate risk, it could compromise operational integrity in industrial environments.

ICSA-24-347-02: Siemens Engineering Platforms

CVE-2024-52051: Improper Input Validation

This vulnerability stems from improper input validation, allowing attackers to execute arbitrary commands locally. An exploit could disrupt engineering operations by manipulating user-controllable input.

ICSA-24-347-03: Siemens RUGGEDCOM ROX II

CVE-2020-28398: Cross-Site Request Forgery (CSRF)

The CSRF vulnerability affects the CLI web interface, enabling attackers to modify device configurations by tricking authenticated users into clicking malicious links. Exploitation could lead to unauthorized administrative actions.

ICSA-24-347-04: Siemens Parasolid

CVE-2024-54091: Out-of-Bounds Write

Siemens Parasolid is vulnerable to an out-of-bounds write flaw that occurs during the parsing of specially crafted PAR files. This issue could allow attackers to execute arbitrary code within the current process.

ICSA-24-347-05: Siemens Engineering Platforms

CVE-2024-49849: Deserialization of Untrusted Data

Untrusted data deserialization flaws in Siemens Engineering Platforms could lead to type confusion and arbitrary code execution. Exploitation might occur during the parsing of user-controlled log files.

ICSA-24-347-06: Siemens Simcenter Femap

CVE-2024-41981: Heap-Based Buffer Overflow

This vulnerability affects Simcenter Femap during the parsing of specially crafted BDF files, enabling attackers to cause memory corruption and execute arbitrary code.

CVE-2024-47046: Improper Restriction of Operations

Improper memory restrictions could allow attackers to execute malicious code. Exploitation arises from parsing specially crafted input.

ICSA-24-347-07: Siemens Solid Edge SE2024

CVE-2024-54093: Heap-Based Buffer Overflow

This vulnerability can be triggered while parsing specially crafted ASM files, leading to arbitrary code execution.

CVE-2024-54095: Integer Underflow

The integer underflow flaw could allow attackers to execute malicious code during the parsing of PAR files, compromising the operational integrity of industrial applications.

ICSA-24-347-08: Siemens COMOS

CVE-2024-49704: XML External Entity Reference

When parsing XML input, Siemens COMOS components are vulnerable to attacks that allow arbitrary file extraction. This flaw could enable attackers to access confidential system files.

CVE-2024-54005: XML External Entity Reference

By injecting malicious XML data, attackers can exploit communication channels between systems, leading to data leakage.

ICSA-24-347-09: Siemens Teamcenter Visualization

CVE-2024-45463: Out-of-Bounds Read

A flaw in the WRL file parsing mechanism allows attackers to read beyond allocated memory, potentially executing malicious code.

CVE-2024-52565: Out-of-Bounds Write

The vulnerability allows attackers to write beyond allocated memory during WRL file parsing, leading to code execution risks.

CVE-2024-53041: Stack-Based Buffer Overflow

This vulnerability involves stack memory overflow, which attackers could exploit to execute arbitrary code in the system.

ICSA-24-347-10: Siemens SENTRON Powercenter 1000

CVE-2024-6657: Incorrect Synchronization

A denial-of-service condition can occur during BLE pairing due to an incorrect synchronization flaw. This vulnerability is exploitable within a three-minute window after device restarts, potentially disrupting operations.

The vulnerabilities reported in CISA’s advisories underscore the critical nature of securing industrial systems. Siemens has released patches and mitigation recommendations for all affected products.

Organizations using Siemens industrial solutions are urged to promptly apply updates, enforce strict access controls, and monitor their systems for any signs of exploitation.

Collaboration between vendors, regulatory agencies, and end-users is vital to safeguarding ICS environments from these growing cyber threats.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Hackers Exploiting California Wildfire Sparks to Launching Phishing Attacks

As California grapples with devastating wildfires, communities are rallying to protect lives and property....

AIRASHI Botnet Exploiting 0-Day Vulnerabilities In Large Scale DDoS Attacks

AISURU botnet launched a DDoS attack targeting Black Myth: Wukong distribution platforms in August...

New Botnet Exploiting DNS Records Misconfiguration To Deliver Malware

Botnets are the networks of compromised devices that have evolved significantly since the internet's...

FTC Slams GoDaddy For Not Implement Standard Security Practices Following Major Breaches

The Federal Trade Commission (FTC) has announced that it will require GoDaddy Inc. to...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

Hackers Exploiting California Wildfire Sparks to Launching Phishing Attacks

As California grapples with devastating wildfires, communities are rallying to protect lives and property....

AIRASHI Botnet Exploiting 0-Day Vulnerabilities In Large Scale DDoS Attacks

AISURU botnet launched a DDoS attack targeting Black Myth: Wukong distribution platforms in August...

New Botnet Exploiting DNS Records Misconfiguration To Deliver Malware

Botnets are the networks of compromised devices that have evolved significantly since the internet's...