Cyber Security News

CISA Releases ICS Advisories to Mitigate Cyber Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) released two critical Industrial Control Systems (ICS) advisories on October 15, 2024.

These advisories provide essential information about current security issues, vulnerabilities, and potential exploits affecting ICS.

The advisories focus on vulnerabilities in Siemens Siveillance Video Cameras and Schneider Electric Data Center Expert software.

Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free

Siemens Siveillance Video Camera Vulnerability

Executive Summary

The advisory identified a significant vulnerability in the Siemens Siveillance Video Camera system.

The vulnerability, classified as a “Classic Buffer Overflow,” is exploitable from an adjacent network and poses a substantial threat to systems using this equipment.

The Common Vulnerability Scoring System (CVSS) v4 score for this vulnerability is 7.3, indicating a high level of risk.

Technical Details

The affected products include all Siemens Siveillance Video Camera versions before V13.2.

The vulnerability, CVE-2024-3506, involves a buffer overflow issue in the camera’s drivers from the XProtect Device Pack.

This flaw allows attackers with network access to execute commands on the Recording Server under specific conditions.

Successful exploitation of this vulnerability could enable attackers to execute arbitrary commands, potentially compromising critical infrastructure sectors where these cameras are deployed worldwide.

Given the severity of the threat, CISA advises users and administrators to review Siemens’ ProductCERT Security Advisories for the most current information and mitigation strategies.

Schneider Electric Data Center Expert Vulnerabilities

Executive Summary

The second advisory highlights vulnerabilities in Schneider Electric’s Data Center Expert software.

These vulnerabilities include “Improper Verification of Cryptographic Signature” and “Missing Authentication for Critical Function.”

The CVSS v4 scores for these vulnerabilities are 8.6 and 8.2, respectively, reflecting their critical nature.

Technical Details

Affected versions include Data Center Expert 8.1.1.3 and earlier. The improper cryptographic signature verification (CVE-2024-8531) could allow attackers to manipulate upgrade bundles and execute arbitrary bash scripts as root.

Meanwhile, the missing authentication for critical functions (CVE-2024-8530) could expose private data by allowing direct access to “log captures” archives via HTTPS.

Exploiting these vulnerabilities could grant attackers unauthorized access to sensitive data and control over critical functions within data centers.

This poses significant risks to organizations relying on this software to monitor and manage their data infrastructure.

CISA strongly encourages users and administrators of Siemens Siveillance Video Cameras and Schneider Electric Data Center Expert software to review these advisories in detail.

Implementing recommended mitigations is crucial to protect against potential cyber threats that exploit these vulnerabilities.

The release of these advisories underscores the ongoing challenges in securing industrial control systems against cyber threats.

As cyber attackers continue to target critical infrastructure, timely updates and adherence to security advisories are vital for safeguarding sensitive systems.

By staying informed and proactive, organizations can better defend against potential exploits and ensure the integrity of their operations in an increasingly digital world.

How to Choose an ultimate Managed SIEM solution for Your Security Team -> Download Free Guide(PDF)

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Hitachi Authentication Bypass Vulnerability Allows Attackers to Hack the System Remotely

Critical Authentication Bypass Vulnerability Identified in Hitachi Infrastructure Analytics Advisor and Ops Center Analyzer. A…

2 hours ago

ConnectOnCall Data Breach, 900,000 Customers Data Exposed

 The healthcare communication platform ConnectOnCall, operated by ConnectOnCall.com, LLC, has confirmed a significant data breach…

2 hours ago

Kali Linux 2024.4 Released – What’s New!

Kali Linux has unveiled its final release for 2024, version Kali Linux 2024.4, packed with…

2 hours ago

CISA Warns of Adobe & Windows Kernel Driver Vulnerabilities Exploited in Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert, adding two significant…

3 hours ago

The Rise of AI-Generated Professional Headshots

It’s clear that a person’s reputation is increasingly influenced by their online presence, which spans…

18 hours ago

Hackers Abuse Google Ads To Attacking Graphic Design Professionals

Researchers identified a threat actor leveraging Google Search ads to target graphic design professionals, as…

21 hours ago