New Cybersecurity Advisories Target Vulnerabilities in Industrial Control Systems
The Cybersecurity and Infrastructure Security Agency (CISA) in the United States has recently published seven important advisories focused on cybersecurity vulnerabilities affecting critical Industrial Control Systems (ICS). These advisories are particularly relevant to sectors including energy, communications, emergency response, and manufacturing.
Overview of Cybersecurity Vulnerabilities
The newly released advisories reveal several remotely exploitable vulnerabilities in devices and software from major firms like CyberData, Hitachi Energy, and Mitsubishi Electric—key players in the field of operational technology (OT). These vulnerabilities present significant risks to the security of critical infrastructure.
Detailed Analysis of Advisories
CyberData’s SIP Emergency Intercom Vulnerabilities
The first advisory, labeled ICSA-25-155-01, addresses multiple serious vulnerabilities in CyberData’s 011209 SIP Emergency Intercom. With a CVSS v4 severity score of 9.3, this advisory outlines risks such as authentication bypass, SQL injection, and path traversal. Systems running firmware versions earlier than 22.0.1 are particularly vulnerable to remote execution and denial-of-service attacks. To mitigate these risks, CISA recommends upgrading to firmware version 22.0.1 and advises network administrators to isolate the intercoms using firewalls and virtual private networks (VPNs).
Hitachi Energy’s Relion Devices at Risk
The second advisory, ICSA-25-155-02, highlights a critical integer overflow found in Hitachi Energy’s Relion 670 and 650 series, as well as SAM600-IO devices. This flaw, which scores a 9.8 on the CVSS v3 scale, resides in the memory allocator of the VxWorks operating system. If exploited, it could lead to memory corruption, potentially impacting protective relays in power systems. Users with firmware versions ranging from 1.1 to 2.2.5 are advised to upgrade to version 2.2.5.2 or apply interim workarounds provided by Hitachi.
Vulnerabilities in Mitsubishi Electric’s Engineering Software
A further advisory, ICSA-21-049-02 (Update H), addresses vulnerabilities in Mitsubishi Electric’s FA Engineering Software, encompassing tools like GX Developer and GT Designer3. This advisory reveals that heap-based buffer overflows can be exploited to crash the software or disrupt programmable logic controller (PLC) diagnostics in automated environments. Users are urged to install essential updates, such as GX Developer version 8.507D+ and RT ToolBox2 version 3.74C+.
Ongoing Security Challenges in Hitachi Energy’s ICS
CISA’s June update also revisits previous advisories concerning Hitachi Energy’s Relion products and their IEC 61850 MMS Server implementations. Notable concerns include:
-
ICSA-25-133-02 focuses on CVE-2023-4518, where malformed Generic Object Oriented Substation Events (GOOSE) messages could lead to firmware reboots in vulnerable Relion versions, causing denial-of-service issues. Users are encouraged to upgrade to more secure firmware such as 2.2.2.6 or 2.2.3.7.
-
ICSA-23-068-05 reveals authentication vulnerabilities in firmware signature validation (CVE-2022-3864), potentially allowing unauthorized firmware uploads. This issue affects firmware versions from 2.2.0 to 2.2.5.5.
-
ICSA-21-336-05 pertains to outdated VxWorks boot components, linked to known “Urgent/11” vulnerabilities. Exploitable weaknesses could result in TCP session hijacking. Users must update to secure versions or implement network isolation strategies.
- ICSA-23-089-01 discusses a medium-risk issue (CVE-2022-3353) in Hitachi’s IEC 61850 MMS Server. Malformed client requests can obstruct new connections, underlining the need for operational vigilance.
Conclusion
The recent advisories from CISA underline a critical need for infrastructure operators to address vulnerabilities in their ICS. As legacy systems often lack essential security features, the risks of cyber exploitation are escalating. Organizations must act promptly to patch their systems, segment networks, limit access, monitor for threats, and enhance staff training on cybersecurity protocols. This proactive approach is essential for securing critical infrastructure and ensuring operational continuity.
