Multiple ICS Advisories Released by CISA Detailing Exploits & Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has released two advisories highlighting significant security vulnerabilities in Industrial Control Systems (ICS) software and hardware.

These vulnerabilities, identified in AutomationDirect’s C-More EA9 Programming Software and Planet Technology’s industrial switch WGS-804HPT, could pose serious risks to critical infrastructure if exploited by attackers.

AutomationDirect C-More EA9 Programming Software

The C-More EA9 Programming Software by AutomationDirect has been found to contain multiple vulnerabilities, the most critical being stack-based buffer overflow issues.

These vulnerabilities, designated with a CVSS v4 score of 8.4 and a CVSS vector string indicating low attack complexity, are alarming as they could allow attackers to execute remote code.

Free Webinar on Best Practices for API vulnerability & Penetration Testing:  Free Registration

Vulnerability Overview

CVE-2024-11609

CVE-2024-11609 is a stack-based buffer overflow vulnerability linked to improper file parsing by the AutomationDirect C-More EA9 Programming Software.

If exploited, this vulnerability allows attackers to execute arbitrary code remotely, leading to full system compromise. The issue exists in software versions 6.78 and earlier. It has been assigned a CVSS v4 score of 8.4, indicating a high severity.

CVE-2024-11610

Another file parsing stack-based buffer overflow vulnerability, CVE-2024-11610, could also lead to remote code execution by attackers.

This issue arises from inadequately managing memory during file handling, resulting in memory corruption. The vulnerability affects the same versions (6.78 and prior) and is also rated 8.4 (CVSS v4).

CVE-2024-11611

CVE-2024-11611 is the third identified stack-based buffer overflow vulnerability in the AutomationDirect C-More EA9 Programming Software.

Like the others, it exposes systems to remote code execution through memory corruption during file parsing. It shares the same CVSS v4 score of 8.4 and the same impact on affected software versions.

Planet Technology WGS-804HPT

Planet Technology’s WGS-804HPT industrial switch is affected by three critical vulnerabilities: stack-based buffer overflow, OS command injection, and integer underflow (wraparound).

These vulnerabilities have been assigned a CVSS v4 score of up to 9.3, highlighting their significant exploit potential.

Vulnerability Overview

CVE-2024-48871

CVE-2024-48871 is a stack-based buffer overflow vulnerability in the Planet Technology WGS-804HPT industrial switch.

Attackers can exploit this flaw by sending malicious HTTP requests, bypassing size checks, and executing remote code to control the device. It has been rated a CVSS v4 score of 9.3, indicating a critical level of risk.

CVE-2024-52320

This vulnerability, CVE-2024-52320, involves OS command injection. Attackers can manipulate the industrial switch through specially crafted HTTP requests, allowing them to execute unauthorized system commands.

The severity of this vulnerability is underscored by its CVSS v4 score of 9.3, reflecting the potential for remote exploitation and full system compromise.

CVE-2024-52558

CVE-2024-52558 is an integer underflow (wraparound) vulnerability affecting the industrial switch.

Through malformed HTTP requests, attackers could cause the device to crash, disrupting operations. While less severe than the other vulnerabilities, it still poses a significant risk with a CVSS v4 score of 6.9. 

These vulnerabilities highlight critical risks for industrial control systems, urging vendors and users to address them promptly through patches, firmware updates, and secure configurations.

The release of these advisories underscores the growing risks ICS devices and software face in an ever-evolving threat landscape.

Vendors and users must collaborate to address vulnerabilities through timely updates, rigorous access controls, and proactive monitoring solutions.

CISA’s detailed reporting highlights the critical need for vigilance in securing industrial environments.

Analyse Real-World Malware & Phishing Attacks With ANY.RUN - Get up to 3 Free Licenses