CISA Alerts: June 25, 2024 – CISA Releases Two Industrial Control Systems Advisories


How are Vulnerabilities Rated?

This week's CISA advisories report focuses on two Industrial Control Systems advisories affecting critical infrastructure sectors, including Chemical, Critical Manufacturing, Dams, Energy, Food and Agriculture, and Water and Wastewater Systems.

These vulnerabilities are named according to the Common Vulnerabilities and Exposures (CVE) standard and are organized by severity, as determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Vendor/Product:  ABB Ability System 800xA:  versions 6.1.1-2 and prior

  • ABB reports that the vulnerability only affects 800xA services in PC-based client/server nodes.
  • Controllers are not affected by this vulnerability.

Description: 

Improper Input Validation

An attacker who successfully exploited this vulnerability could, by using a malicious application that connects to a server application (applicable to all 800xA Base server applications), cause the server to crash by sending a specially crafted message.

Impact: 

An attacker can cause a denial of service by continuously sending specially crafted messages to the service in the system. The impacted service will be restarted automatically. In a redundant system using failover functionality, there will be a failover to the redundant service, which may also be impacted by such an attack, stopping the affected service. The system will attempt to restart the services; however, if the attack is persistent, the restarts will not be able to overcome it.

Note that repeated restarts of the affected service could be an indication of a compromise.
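One way to act on the note about repeated restarts, as an added example that is not part of the CISA or ABB advisory: a sliding-window check that flags a service restarting too often on a node, and reports when both nodes of a redundant pair are affected. The log line format, the node and service names, the threshold and the window are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: "ISO-timestamp node service event".
# Hypothetical format and names, not taken from any ABB log.
SAMPLE_EVENTS = """\
2024-06-25T10:00:05 node-a svc-alpha restarted
2024-06-25T10:01:10 node-a svc-alpha restarted
2024-06-25T10:01:40 node-b svc-alpha restarted
2024-06-25T10:02:30 node-a svc-alpha restarted
2024-06-25T10:03:00 node-b svc-alpha restarted
2024-06-25T10:04:15 node-b svc-alpha restarted
2024-06-25T08:00:00 node-a svc-beta restarted
2024-06-25T09:30:00 node-a svc-beta restarted
2024-06-25T11:45:00 node-a svc-beta restarted
2024-06-25T10:05:00 node-a svc-alpha started
malformed line here
"""

def parse(text):
    """Yield (timestamp, node, service) for well-formed restart events only."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != "restarted":
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue  # unparseable timestamp: skip rather than abort

def find_restart_storms(text, threshold=3, window=timedelta(minutes=10)):
    """Return {service: [nodes]} where a node restarted the service
    at least `threshold` times within `window`."""
    recent = defaultdict(deque)  # (node, service) -> restart times in window
    flagged = defaultdict(set)
    for ts, node, service in sorted(parse(text)):
        q = recent[(node, service)]
        q.append(ts)
        while ts - q[0] > window:  # drop restarts older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[service].add(node)
    return {svc: sorted(nodes) for svc, nodes in flagged.items()}

def redundancy_impacted(alerts, pairs):
    """Services flagged on every node of their redundant pair, which
    matches the failover case where the redundant service is hit too."""
    return sorted(s for s, nodes in alerts.items()
                  if s in pairs and set(pairs[s]) <= set(nodes))
```

Occasional restarts spread over hours, like `svc-beta` in the sample, stay below the threshold; tune the threshold and window to the restart rate that is normal for the site.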

Source: CVE-2024-3036

Max Severity:  Medium

CVSS Score: 6.9

Critical Infrastructure Sectors:  Chemical, Critical Manufacturing, Dams, Energy, Food and Agriculture, Water and Wastewater Systems

Mitigation:

ABB recommends updating to an active product version to obtain the latest corrections. The problem is or will be corrected in the following product versions:

  • ABB 800xA Base 6.2.0-0 (part of System 800xA 6.2.0.0)
  • ABB 800xA Base 6.1.1-3 (part of System 800xA 6.1.1.2)
  • ABB 800xA Base 6.0.3-x (included in next revision)

For more information, please refer to ABB's Cybersecurity Advisory 7PAA013309.

Vendor/Product:  PTC Creo Elements/Direct License Server:  Version 20.7.0.0 and prior

  • Creo Elements/Direct WorkManager / DDM 15.00 to 20.4
  • Creo Elements/Direct Drafting 15.00 to 20.7
  • Creo Elements/Direct Model Manager / Drawing Manager 15.00 to 20.7
  • Creo Elements/Direct Modeling 15.00 to 20.7
  • Creo Elements/Direct License Server (MEls) 20.7.0.0 or lower version
  • Note: This vulnerability does not impact "PTC Creo License Server" (lmadmin, lmgrd).

Description: 

Missing Authorization

The vulnerability can lead to remote code execution (RCE).

Impact: 

Creo Elements Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server.

Source: CVE-2024-6071

Max Severity:  High

CVSS Score: 10.0

Critical Infrastructure Sectors:  Critical Manufacturing

Mitigation:

PTC recommends that users upgrade to Creo Elements/Direct License Server 20.7.0.1 or a higher version:

  • Creo Elements/Direct Drafting
  • Creo Elements/Direct Model/Drawing Mgr
  • Creo Elements/Direct Modeling
  • Creo Elements/Direct WorkManager

If additional questions remain, please contact PTC Technical Support.

For more information, see PTC's CS article.

If you suspect you may have a vulnerability that you need help to mitigate, the cybersecurity team Spry Squared is standing by.