CISA Urges Administrators To Review Newly Released Six ICS Advisories
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical call to action for administrators and security professionals to review six newly released Industrial Control Systems (ICS) advisories. Released on June 11, 2024, these advisories provide vital information on current security issues, vulnerabilities, and exploits affecting ICS. Given the importance of timely updates and vigilance in cybersecurity practices, this announcement is particularly pertinent.
Overview of the Six ICS Advisories:
1. Rockwell Automation ControlLogix, GuardLogix, and CompactLogix
Rockwell Automation’s ControlLogix, GuardLogix, and CompactLogix controllers are facing a critical vulnerability, scoring 8.3 on the CVSS v4 scale. The issue, stemming from an always-incorrect control flow implementation, has a low attack complexity, potentially compromising the availability of the affected devices.
2. AVEVA PI Web API
AVEVA’s PI Web API has been flagged with a critical vulnerability, scoring 8.4 on the CVSS v4 scale. This remotely exploitable vulnerability involves the deserialization of untrusted data, potentially allowing attackers to execute code remotely with low complexity.
3. AVEVA PI Asset Framework Client
The PI Asset Framework Client by AVEVA has a critical vulnerability rated at 7.0 on the CVSS v4 scale. Similar to the PI Web API, this issue involves the deserialization of untrusted data, posing a risk of malicious code execution with low attack complexity.
4. Intrado 911 Emergency Gateway
A critical vulnerability in Intrado’s 911 Emergency Gateway (EGW) has been identified, scoring a perfect 10.0 on the CVSS v4 scale. This vulnerability, involving SQL injection, can be exploited remotely with low complexity, allowing for malicious code execution, data exfiltration, or database manipulation.
5. Schneider Electric APC Easy UPS Online Monitoring Software (Update A)
Schneider Electric’s APC Easy UPS Online Monitoring Software has a critical vulnerability, scoring 9.8 on the CVSS v3 scale. This issue involves OS command injection and missing authentication for critical functions, with public exploits already available, posing significant risks.
6. MicroDicom DICOM Viewer
MicroDicom’s DICOM Viewer has been found to have a critical vulnerability, scoring 8.7 on the CVSS v4 scale. This remotely exploitable vulnerability involves improper authorization in the handler for a custom URL scheme and a stack-based buffer overflow.
Additional ICS Advisories Released
In addition to the six advisories mentioned, CISA released twenty more ICS advisories on June 13, 2024. These advisories cover devices from Siemens, Fuji, Rockwell Automation, and Mitsubishi, providing timely information on current security issues, vulnerabilities, and exploits in these systems.
CISA’s Call to Action
CISA urges all administrators and security professionals to review these advisories and take appropriate actions to mitigate the identified risks. Recommended actions include applying patches, updating software, and implementing robust security measures. Staying informed about the latest security threats and maintaining vigilant cybersecurity practices are essential steps in protecting critical infrastructure.
By addressing these vulnerabilities promptly, organizations can safeguard their ICS environments and contribute to the overall securit