Thursday, January 23, 2025
HomeCVE/vulnerabilityMultiple ICS Advisories Released by CISA Detailing Exploits & Vulnerabilities

Multiple ICS Advisories Released by CISA Detailing Exploits & Vulnerabilities

Published on

SIEM as a Service

Follow Us on Google News

The Cybersecurity and Infrastructure Security Agency (CISA) has released two advisories highlighting significant security vulnerabilities in Industrial Control Systems (ICS) software and hardware.

These vulnerabilities, identified in AutomationDirect’s C-More EA9 Programming Software and Planet Technology’s industrial switch WGS-804HPT, could pose serious risks to critical infrastructure if exploited by attackers.

AutomationDirect C-More EA9 Programming Software

The C-More EA9 Programming Software by AutomationDirect has been found to contain multiple vulnerabilities, the most critical being stack-based buffer overflow issues.

These vulnerabilities, designated with a CVSS v4 score of 8.4 and a CVSS vector string indicating low attack complexity, are alarming as they could allow attackers to execute remote code.

Free Webinar on Best Practices for API vulnerability & Penetration Testing:  Free Registration

Vulnerability Overview

CVE-2024-11609

CVE-2024-11609 is a stack-based buffer overflow vulnerability linked to improper file parsing by the AutomationDirect C-More EA9 Programming Software.

If exploited, this vulnerability allows attackers to execute arbitrary code remotely, leading to full system compromise. The issue exists in software versions 6.78 and earlier. It has been assigned a CVSS v4 score of 8.4, indicating a high severity.

CVE-2024-11610

Another file parsing stack-based buffer overflow vulnerability, CVE-2024-11610, could also lead to remote code execution by attackers.

This issue arises from inadequately managing memory during file handling, resulting in memory corruption. The vulnerability affects the same versions (6.78 and prior) and is also rated 8.4 (CVSS v4).

CVE-2024-11611

CVE-2024-11611 is the third identified stack-based buffer overflow vulnerability in the AutomationDirect C-More EA9 Programming Software.

Like the others, it exposes systems to remote code execution through memory corruption during file parsing. It shares the same CVSS v4 score of 8.4 and the same impact on affected software versions.

Planet Technology WGS-804HPT

Planet Technology’s WGS-804HPT industrial switch is affected by three critical vulnerabilities: stack-based buffer overflow, OS command injection, and integer underflow (wraparound).

These vulnerabilities have been assigned a CVSS v4 score of up to 9.3, highlighting their significant exploit potential.

Vulnerability Overview

CVE-2024-48871

CVE-2024-48871 is a stack-based buffer overflow vulnerability in the Planet Technology WGS-804HPT industrial switch.

Attackers can exploit this flaw by sending malicious HTTP requests, bypassing size checks, and executing remote code to control the device. It has been rated a CVSS v4 score of 9.3, indicating a critical level of risk.

CVE-2024-52320

This vulnerability, CVE-2024-52320, involves OS command injection. Attackers can manipulate the industrial switch through specially crafted HTTP requests, allowing them to execute unauthorized system commands.

The severity of this vulnerability is underscored by its CVSS v4 score of 9.3, reflecting the potential for remote exploitation and full system compromise.

CVE-2024-52558

CVE-2024-52558 is an integer underflow (wraparound) vulnerability affecting the industrial switch.

Through malformed HTTP requests, attackers could cause the device to crash, disrupting operations. While less severe than the other vulnerabilities, it still poses a significant risk with a CVSS v4 score of 6.9. 

These vulnerabilities highlight critical risks for industrial control systems, urging vendors and users to address them promptly through patches, firmware updates, and secure configurations.

The release of these advisories underscores the growing risks ICS devices and software face in an ever-evolving threat landscape.

Vendors and users must collaborate to address vulnerabilities through timely updates, rigorous access controls, and proactive monitoring solutions.

CISA’s detailed reporting highlights the critical need for vigilance in securing industrial environments.

Analyse Real-World Malware & Phishing Attacks With ANY.RUN - Get up to 3 Free Licenses

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Critical Vulnerability in Next.js Framework Exposes Websites to Cache Poisoning and XSS Attacks

A new report has put the spotlight on potential security vulnerabilities within the popular...

New Cookie Sandwich Technique Allows Stealing of HttpOnly Cookies

The "Cookie Sandwich Attack" showcases a sophisticated way of exploiting inconsistencies in cookie parsing...

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

Critical Vulnerability in Next.js Framework Exposes Websites to Cache Poisoning and XSS Attacks

A new report has put the spotlight on potential security vulnerabilities within the popular...

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...