Sewio, InHand Networks, SAUTER Controls, and Siemens Industrial Control Systems (ICS) are vulnerable to cyberattacks, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
The advisories released on January 12th contain information on vulnerabilities, exploits, and other security flaws regarding ICSs. Users and admins are urged to consult the advisories for more technical information and mitigating measures.
The most severe of the flaws relate to Sewio’s RTLS Studio, which could be exploited by an attacker to ”obtain unauthorized access to the server, alter information, create a denial-of-service condition, gain escalated privileges, and execute arbitrary code”.
Industrial Control Systems` vulnerabilities discovered by CISA summarised
1. Sewio RTLS Studio
Researchers found a series of vulnerabilities in RTLS Studio:
- Use of Hard-coded Password,
- OS Command Injection,
- Out-of-bounds Write,
- Cross-Site Request Forgery,
- Improper Input Validation,
- Cross-site Scripting.
Successfully exploiting these flaws could give an attacker unauthorized access to the server, the ability to change data, and to run arbitrary code. CISA claims version 2.0.0 up to and including version 2.6.2 are all affected.
As mitigation measures, Sewio advises users to update their devices and recommends a series of workarounds:
- Reduce network exposure to a minimum for all control system devices and make the unaccessible from the internet
- Isolate external devices and control system networks from business networks by placing them behind firewalls.
- Regarding CVE-2022-45444 the database password should be reset manually
2. InHand Networks InRouter
InRouter302, and InRouter615 are affected by:
- Cleartext Transmission of Sensitive Information,
- OS Command Injection,
- Use of a One-way Hash with a Predictable Salt,
- Improper Access Control,
- Use of Insufficiently Random Values.
If threat actors manage to exploit these vulnerabilities, they could inflict injection of commands into the message queuing telemetry transport (MQTT), data leakage, and remote code execution. If chained, these flaws could allow an unauthorized remote user to completely compromise every cloud-managed InHand Networks device that can be accessed via the cloud.
InHand urges users to update their devices as follows:
- Update to IR302 V3.5.56 or later for InRouter302 users
- Update to InRouter6XX-S-V2.3.0.r5542 or later for InRouter615
3. SAUTER Controls Nova 200 – 220 Series (PLC 6)
Nova 200–220 Series (PLC 6) was reported affected with two vulnerabilities:
- Missing Authentication for Critical Function,
- Cleartext Transmission of Sensitive Information.
Threat actors could exploit these vulnerabilities to gain access to sensitive data and perform remote code execution.
SAUTER Controls stopped producing this device in 2016, so it is no longer supported. The company advises users to enforce all security measures needed to protect the building automation network access. Where necessary, users should also evaluate and upgrade legacy systems to newer solutions.
4. Siemens Mendix SAML Module
The Mendix SAML equipment is vulnerable to improper neutralization of input during web page generation (”Cross-site Scripting”).
Threat actors could use this vulnerability to trick users to click on malicious links and get access to sensitive data as a result.
Siemens recommends a series of solutions that consumers can implement:
- Update devices to corresponding newer versions,
- Enable multi-factor authentication (MFA), where suitable,
- Protecting network access,
- Configuring the environment according to their operational guidelines for industrial security.
At the moment, according to CISA cyber researchers, from what they know, there are no public exploits that target these vulnerabilities.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.