Saturday, April 12, 2025
HomeCVE/vulnerabilityMultiple ICS Advisories Released by CISA Detailing Exploits & Vulnerabilities

Multiple ICS Advisories Released by CISA Detailing Exploits & Vulnerabilities

Published on

SIEM as a Service

Follow Us on Google News

The Cybersecurity and Infrastructure Security Agency (CISA) has released two advisories highlighting significant security vulnerabilities in Industrial Control Systems (ICS) software and hardware.

These vulnerabilities, identified in AutomationDirect’s C-More EA9 Programming Software and Planet Technology’s industrial switch WGS-804HPT, could pose serious risks to critical infrastructure if exploited by attackers.

AutomationDirect C-More EA9 Programming Software

The C-More EA9 Programming Software by AutomationDirect has been found to contain multiple vulnerabilities, the most critical being stack-based buffer overflow issues.

- Advertisement - Google News

These vulnerabilities, designated with a CVSS v4 score of 8.4 and a CVSS vector string indicating low attack complexity, are alarming as they could allow attackers to execute remote code.

Free Webinar on Best Practices for API vulnerability & Penetration Testing:  Free Registration

Vulnerability Overview

CVE-2024-11609

CVE-2024-11609 is a stack-based buffer overflow vulnerability linked to improper file parsing by the AutomationDirect C-More EA9 Programming Software.

If exploited, this vulnerability allows attackers to execute arbitrary code remotely, leading to full system compromise. The issue exists in software versions 6.78 and earlier. It has been assigned a CVSS v4 score of 8.4, indicating a high severity.

CVE-2024-11610

Another file parsing stack-based buffer overflow vulnerability, CVE-2024-11610, could also lead to remote code execution by attackers.

This issue arises from inadequately managing memory during file handling, resulting in memory corruption. The vulnerability affects the same versions (6.78 and prior) and is also rated 8.4 (CVSS v4).

CVE-2024-11611

CVE-2024-11611 is the third identified stack-based buffer overflow vulnerability in the AutomationDirect C-More EA9 Programming Software.

Like the others, it exposes systems to remote code execution through memory corruption during file parsing. It shares the same CVSS v4 score of 8.4 and the same impact on affected software versions.

Planet Technology WGS-804HPT

Planet Technology’s WGS-804HPT industrial switch is affected by three critical vulnerabilities: stack-based buffer overflow, OS command injection, and integer underflow (wraparound).

These vulnerabilities have been assigned a CVSS v4 score of up to 9.3, highlighting their significant exploit potential.

Vulnerability Overview

CVE-2024-48871

CVE-2024-48871 is a stack-based buffer overflow vulnerability in the Planet Technology WGS-804HPT industrial switch.

Attackers can exploit this flaw by sending malicious HTTP requests, bypassing size checks, and executing remote code to control the device. It has been rated a CVSS v4 score of 9.3, indicating a critical level of risk.

CVE-2024-52320

This vulnerability, CVE-2024-52320, involves OS command injection. Attackers can manipulate the industrial switch through specially crafted HTTP requests, allowing them to execute unauthorized system commands.

The severity of this vulnerability is underscored by its CVSS v4 score of 9.3, reflecting the potential for remote exploitation and full system compromise.

CVE-2024-52558

CVE-2024-52558 is an integer underflow (wraparound) vulnerability affecting the industrial switch.

Through malformed HTTP requests, attackers could cause the device to crash, disrupting operations. While less severe than the other vulnerabilities, it still poses a significant risk with a CVSS v4 score of 6.9. 

These vulnerabilities highlight critical risks for industrial control systems, urging vendors and users to address them promptly through patches, firmware updates, and secure configurations.

The release of these advisories underscores the growing risks ICS devices and software face in an ever-evolving threat landscape.

Vendors and users must collaborate to address vulnerabilities through timely updates, rigorous access controls, and proactive monitoring solutions.

CISA’s detailed reporting highlights the critical need for vigilance in securing industrial environments.

Analyse Real-World Malware & Phishing Attacks With ANY.RUN - Get up to 3 Free Licenses

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Threat Actors Manipulate Search Results to Lure Users to Malicious Websites

Cybercriminals are increasingly exploiting search engine optimization (SEO) techniques and paid advertisements to manipulate...

Hackers Imitate Google Chrome Install Page on Google Play to Distribute Android Malware

Cybersecurity experts have unearthed an intricate cyber campaign that leverages deceptive websites posing as...

Dangling DNS Attack Allows Hackers to Take Over Organization’s Subdomain

Hackers are exploiting what's known as "Dangling DNS" records to take over corporate subdomains,...

HelloKitty Ransomware Returns, Launching Attacks on Windows, Linux, and ESXi Environments

Security researchers and cybersecurity experts have recently uncovered new variants of the notorious HelloKitty...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Threat Actors Manipulate Search Results to Lure Users to Malicious Websites

Cybercriminals are increasingly exploiting search engine optimization (SEO) techniques and paid advertisements to manipulate...

Hackers Imitate Google Chrome Install Page on Google Play to Distribute Android Malware

Cybersecurity experts have unearthed an intricate cyber campaign that leverages deceptive websites posing as...

Dangling DNS Attack Allows Hackers to Take Over Organization’s Subdomain

Hackers are exploiting what's known as "Dangling DNS" records to take over corporate subdomains,...