CISA Releases Two Industrial Control Systems Advisories
How are Vulnerabilities Rated?
This week's CISA advisories report focuses on Two Industrial Control Systems that affect critical infrastructure, Chemical, Critical Manufacturing, Dams, Energy, Food and Agriculture, Water and Wastewater Systems.
These vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
This week's CISA advisories report focuses on Two Industrial Control Systems that affect critical infrastructure, including Chemical, Critical Manufacturing, Dams, Energy, Food and Agriculture, Water and Wastewater Systems.
Vendor/Product: ABB Ability System 800xA: versions 6.1.1-2 and prior
- ABB reports that the vulnerability only affects 800xA services in PC based client/server nodes.
- Controllers are not affected by this vulnerability
Description:
Improper Input Validation
An attacker who successfully exploited this vulnerability could, by using a malicious application that connects to a server application (applicable for all 800xA Base server applications), cause the server to crash by sending some specifically crafted message.
Impact:
An attacker can create denial of services by continuously sending special crafted messages to the service in the system. The impacted service will be automatically restarted. For a redundant system using failover functionality there will be a failover to the redundant service, which may also be impacted by such an attack, stopping the affected service. The services will be attempted to be restarted by the System. However, if the attack is persistent, they will not be able to overcome this.
Note that repeated restarts of the affected service could be an indication of a compromise
Source: CVE-2024-3036
Max Severity: Medium
CVSS Score: 6.9
Critical Infrastructure Sectors: Chemical, Critical Manufacturing, Dams, Energy, Food and Agriculture, Water and Wastewater Systems
Mitigation:
ABB recommends updating to an active product version to obtain the latest corrections. The problem is or will be corrected in the following product versions:
ABB 800xA Base 6.2.0-0 (part of System 800xA 6.2.0.0)
ABB 800xA Base 6.1.1-3 (part of System 800xA 6.1.1.2)
ABB 800xA Base 6.0.3-x (included in next revision)
For more information, please refer to ABB's Cybersecurity Advisory 7PAA013309
Vendor/Product: PTC Creo Elements/Direct License Server: Version 20.7.0.0 and prior
- Creo Elements/Direct WorkManager / DDM 15.00 to 20.4
- Creo Elements/Direct Drafting 15.00 to 20.7
- Creo Elements/Direct Model Manager / Drawing Manager 15.00 to 20.7
- Creo Elements/Direct Modeling 15.00 to 20.7
- Creo Elements/Direct License Server (MEls) 20.7.0.0 or lower version
- Note: That this vulnerability does not impact “PTC Creo License Server" (lmadmin, lmgrd)
Description:
Missing Authorization
Vulnerability can lead to Remote Code Execution (RCE)
Impact:
Creo Elements Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server.
Source: CVE-2024-6071
Max Severity: High
CVSS Score: 10.0
Critical Infrastructure Sectors: Critical Manufacturing
Mitigation:
PTC recommends that users upgrade to Creo Elements/Direct License Server 20.7.0.1 or higher version:
Creo Elements/Direct Drafting
Creo Elements/Direct Model/Drawing Mgr
Creo Elements/Direct Modeling
Creo Elements/Direct WorkManager
If additional questions remain, please contact PTC Technical Support.
For more information, see PTC's CS article