ICS Network Controllers Open To Remote Exploit, No Patches Available

A security advisory issued this week by the Cybersecurity and Infrastructure Security Agency (CISA) alerts administrators of vulnerabilities in two industrial control systems devices — Unitronics Vision Series PLCs and Mitsubishi Electric MELSEC iQ-R Series.

CISA warned that the Unitronics Vision Series PLC controller is open to remote exploit due to its storage of passwords in a recoverable format. This vulnerability (CVE-2024-1480) was assigned a CVSS score of 8.7.

Unitronics has not responded to, or worked with, the agency to mitigate the issue, leaving networks with these devices open to cyberattack, according to CISA. The advisory recommends ensuring the controllers are not connected to the Internet, isolating them from business networks, protecting the devices behind firewalls, and using secure methods, like virtual private networks (VPNs), for remote access.

The remaining ICS vulnerabilities impact the Mitsubishi Electric Corporation MELSEC iQ-R CPU Module. A design flaw in the CPU, tracked under CVE-2021-20599, has been assigned a CVSS score of 9.1. The unit transmits passwords in cleartext, which are easily intercepted by adversaries.

The Mitsubishi MELSEC CPUs also harbor a trio of reported flaws that could allow a threat actor to compromise usernames, access the device, and deny access to legitimate users. These include: exposure of sensitive information (CVE-2021-20594, CVSS 5.9); insufficiently protected credentials (CVE-2021-20597, CVSS 7.4); and a restrictive account lockout mechanism (CVE-2021-20598, CVSS 3.7).

Mitsubishi is working to provide mitigations and workarounds for the issues. However, systems with these devices are unable to be updated with a fix, according to CISA. The agency advises administrators with these devices in their networks to shore up defenses with firewalls, remote access limitations, and IP address restrictions.

“Mitsubishi Electric has released the fixed version … but updating the product to the fixed version is not available,” the advisory said. “CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability.”

SEO Powered Content & PR Distribution. Get Amplified Today.
PlatoData.Network Vertical Generative Ai. Empower Yourself. Access Here.
PlatoAiStream. Web3 Intelligence. Knowledge Amplified. Access Here.
PlatoESG. Carbon, CleanTech, Energy, Environment, Solar, Waste Management. Access Here.
PlatoHealth. Biotech and Clinical Trials Intelligence. Access Here.
Source: https://www.darkreading.com/ics-ot-security/ics-network-controllers-open-to-remote-exploit-no-patches-available

Plato Data Intelligence.
Vertical Search & Ai.

ICS Network Controllers Open to Remote Exploit, No Patches Available

IQT Vancouver/Pacific Rim Update: Arqit Chief Cryptographer, Daniel Shiu, is a 2024 Speaker – Inside Quantum Technology

Schrödinger’s cat makes a better qubit in critical regime – Physics World

Latest Intelligence

Brad Hyett, CEO of Phos by Ingenico

Quantum Tech Pod Episode 71: Lawrence Gasman, President, IQT Research – Inside Quantum Technology – Inside Quantum Technology

What lies beneath: unearthing the secret interior lives of planets – Physics World

OKX Announces Listing of RUNECOIN for Spot Trading

A Guide to New Flexible Working Rights for Crypto and FinTech Firms: PART III (EMPLOYEES)

Every visit to your website is an opportunity to take a customer on a personalised journey

Chat with us

Plato Data Intelligence.Vertical Search & Ai.

ICS Network Controllers Open to Remote Exploit, No Patches Available

Latest Intelligence

Chat with us

Plato Data Intelligence.
Vertical Search & Ai.