The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued multiple advisories alerting the public to critical vulnerabilities affecting industrial control systems (ICS) equipment deployed across critical infrastructure.
The vulnerabilities impact systems from prominent manufacturers, including Beckhoff Automation, Delta Electronics, and Bosch Rexroth. These flaws pose risks to sectors such as energy, manufacturing, and smart machine engineering, highlighting the ongoing cybersecurity challenges facing critical infrastructure.
Beckhoff Automation Vulnerability: CVE-2024-8934
One of the most severe vulnerabilities identified by CISA is in Beckhoff Automation’s TwinCAT Package Manager, a widely used software component in the critical manufacturing sector. The flaw, identified as CVE-2024-8934, involves improper neutralization of special elements used in an OS command, the weakness that enables OS command injection.
This type of vulnerability could enable a local attacker with administrative access to execute arbitrary operating system commands, potentially compromising the integrity and security of the affected system.
The vulnerability exists in versions of TwinCAT Package Manager prior to v1.0.603.0, and CISA’s advisory notes that a successful exploit requires a local user to enter specially crafted input through the software’s user interface. When exploited, this could allow malicious commands to be executed on the underlying operating system, potentially enabling attackers to gain unauthorized control of critical infrastructure systems.
The Cybersecurity and Infrastructure Security Agency assigned a CVSS v3 base score of 6.5 and a CVSS v4 score of 7.0 to this vulnerability, indicating a moderate level of risk but still a significant concern given its potential impact.
Beckhoff Automation has since released a security update, recommending users upgrade to version 1.0.613.0 to mitigate the vulnerability. CISA also advised users to take additional precautions, such as inspecting values entered by administrative users and minimizing network exposure to control systems to reduce the likelihood of exploitation.
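The advisory's two pieces of advice, inspect the values administrative users enter and limit what reaches the operating system, map onto two concrete coding controls. The following is an added illustration and is not Beckhoff's code: it models a hypothetical "install package" action in an administrative UI, contrasts the vulnerable pattern (splicing the supplied name into a shell command string) with the hardened one (allow-list validation plus passing the value as a discrete argv element with no shell involved). The package-name format and the `pkg` tool are constructed assumptions.

```c
/* Added example: hardening an administrative "install package" action against
 * OS command injection.  Illustrative only: this is not Beckhoff's code, and the
 * package-name format and the "pkg" tool are constructed assumptions. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern: the admin-supplied name is spliced into a shell command
 * string.  Any shell metacharacter in the input changes what the shell runs.
 * (This only builds the string; nothing is executed in this example.) */
int vulnerable_build_command(const char *name, char *out, size_t outsz)
{
    int n = snprintf(out, outsz, "pkg install %s", name);
    return (n >= 0 && (size_t)n < outsz) ? 0 : -1;
}

/* Hardened step 1: allow-list validation of the untrusted value.  A package
 * name (assumed format) is 1..64 characters of [A-Za-z0-9._-] and may not
 * start with '-' so the tool cannot parse it as an option. */
int is_valid_package_name(const char *name)
{
    size_t len = strlen(name);
    if (len == 0 || len > 64 || name[0] == '-')
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != '-')
            return 0;
    }
    return 1;
}

/* Hardened step 2: pass the value as its own argv element, never through a
 * shell.  Returns the argument count, or -1 if the name was rejected.  The
 * array is NULL-terminated so it can go straight to execvp()/posix_spawn(). */
int build_install_argv(const char *name, const char *argv[], size_t max_args)
{
    if (max_args < 5 || !is_valid_package_name(name))
        return -1;
    argv[0] = "pkg";
    argv[1] = "install";
    argv[2] = "--";          /* end-of-options marker: defence in depth */
    argv[3] = name;
    argv[4] = NULL;
    return 4;
}

int main(void)
{
    /* Constructed sample inputs: one benign, one carrying a shell metacharacter. */
    const char *benign  = "example-package-1.0";
    const char *crafted = "example; echo injected";
    char cmd[256];
    const char *argv[5];

    vulnerable_build_command(crafted, cmd, sizeof cmd);
    printf("vulnerable path would hand the shell: \"%s\"\n", cmd);
    printf("hardened path accepts benign name:   %d\n",
           build_install_argv(benign, argv, 5) == 4);
    printf("hardened path accepts crafted input: %d\n",
           build_install_argv(crafted, argv, 5) == 4);
    return 0;
}
```

The validation step is what "inspecting values entered by administrative users" looks like in code; the argv step removes the shell entirely, so even a value that slips past validation is delivered to the tool as a single argument rather than interpreted as command syntax.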
Delta Electronics Vulnerabilities: Remote Code Execution Risks
CISA’s advisories also pointed to multiple stack-based buffer overflow vulnerabilities in Delta Electronics’ DIAScreen equipment, used primarily in smart machine engineering and integrated into the DIAStudio Smart Machine Suite.
These vulnerabilities, identified as CVE-2024-47131, CVE-2024-39605, and CVE-2024-39354, all pose serious risks of remote code execution. DIAScreen versions prior to v1.5.0 are affected, and successful exploitation enables attackers to remotely execute arbitrary code.
The vulnerabilities arise when a user is tricked into opening a malicious file within DIAScreen, which then triggers a stack-based buffer overflow. This can crash the device or, in more severe cases, allow remote execution of malicious code.
All three vulnerabilities have been assigned a CVSS v3.1 base score of 7.5 and a CVSS v4 score of 8.4, reflecting their high severity. Delta Electronics has since issued v1.5.0 of DIAScreen, advising users to update to this version as soon as possible to mitigate the risks.
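The file-open path described above is the classic setting for a stack-based overflow: a length field read from the file is trusted and used as the size of a copy into a fixed-size buffer on the stack. The following added example is not Delta Electronics' code; it uses a constructed record layout (1-byte tag, 2-byte little-endian length, payload) to show the unchecked copy beside a parser that validates the length against both the destination buffer and the bytes actually present in the file.

```c
/* Added example: why opening a crafted project file can overflow a stack
 * buffer, and the bounds checks that prevent it.  Not Delta Electronics' code;
 * the record layout (1-byte tag, 2-byte little-endian length, payload) is a
 * constructed assumption for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LABEL_MAX 64   /* fixed on-stack label buffer in the hypothetical loader */
#define TAG_LABEL 0x01

/* Vulnerable pattern: the length read from the file is trusted and used
 * directly as the copy size into a fixed stack buffer.  A file claiming a
 * 0xFFFF-byte label writes far past 'label' into saved registers and the
 * return address.  Shown for contrast only; never called in this example. */
void parse_label_unchecked(const unsigned char *rec, char *label)
{
    uint16_t len = (uint16_t)(rec[1] | (rec[2] << 8));
    memcpy(label, rec + 3, len);      /* no comparison against the buffer size */
    label[len] = '\0';
}

/* Hardened parser.  Returns the payload length copied, or -1 when the record
 * is malformed.  Every length is checked against both the destination size
 * and the bytes actually available in the file before anything is copied. */
int parse_label_record(const unsigned char *buf, size_t buflen,
                       char *label, size_t labelsz)
{
    if (buf == NULL || label == NULL || labelsz == 0)
        return -1;
    if (buflen < 3)                      /* header must be fully present */
        return -1;
    if (buf[0] != TAG_LABEL)
        return -1;
    size_t len = (size_t)buf[1] | ((size_t)buf[2] << 8);
    if (len >= labelsz)                  /* leave room for the terminator */
        return -1;
    if (len > buflen - 3)                /* payload must exist in the file */
        return -1;
    memcpy(label, buf + 3, len);
    label[len] = '\0';
    return (int)len;
}

int main(void)
{
    char label[LABEL_MAX];

    /* Constructed well-formed record: tag 0x01, length 5, payload "Pump1". */
    const unsigned char good[] = {0x01, 0x05, 0x00, 'P', 'u', 'm', 'p', '1'};
    /* Constructed crafted record: tag 0x01, length 0xFFFF, tiny payload. */
    const unsigned char crafted[] = {0x01, 0xFF, 0xFF, 'A', 'A', 'A', 'A'};

    printf("good record    -> %d (%s)\n",
           parse_label_record(good, sizeof good, label, sizeof label), label);
    printf("crafted record -> %d\n",
           parse_label_record(crafted, sizeof crafted, label, sizeof label));
    return 0;
}
```

The two length checks are deliberately separate: the first protects the destination buffer (the overflow the advisory describes), the second protects against reading past the end of a truncated file, which is the mirror-image bug a parser that only checks the first condition still has.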
Bosch Rexroth IndraDrive Vulnerability: Denial of Service Threat
Another critical vulnerability disclosed by CISA affects Bosch Rexroth’s IndraDrive equipment, a key component in the critical manufacturing sector. The vulnerability, designated as CVE-2024-48989, involves uncontrolled resource consumption and can be exploited by attackers to launch denial-of-service (DoS) attacks. By sending specially crafted UDP messages to devices running the affected PROFINET stack, attackers could cause the device to become unresponsive, potentially disrupting industrial operations.
This vulnerability has been assigned a CVSS v3.1 base score of 7.5 and a CVSS v4 score of 8.7, indicating a high risk of disruption. Bosch Rexroth has not yet issued a specific update for this issue, but organizations are advised to take immediate steps to minimize exposure to these threats, including isolating control systems from internet-facing networks.
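Uncontrolled resource consumption in a datagram handler means each crafted message costs the device more than it costs the sender. The defensive pattern is to put a hard ceiling on the state a peer can cause to be allocated, and to count every rejection so the flood is visible to monitoring. The following added example is not Bosch Rexroth's code and does not model the PROFINET stack; the session table, limits, and address values are constructed assumptions standing in for whatever per-request state a real protocol stack keeps (connection contexts, reassembly buffers, timers).

```c
/* Added example: bounding the state a datagram handler allocates per peer, so
 * a flood of crafted UDP messages exhausts a quota instead of the device.
 * Not Bosch Rexroth's code and not the PROFINET stack; the session table and
 * limits are constructed assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_SESSIONS    32   /* total contexts the device is willing to hold */
#define MAX_PER_SOURCE   4   /* contexts any single source address may hold */
#define MAX_PAYLOAD    512   /* largest request the handler will parse at all */

enum verdict { ACCEPTED, DROP_OVERSIZE, DROP_SOURCE_QUOTA, DROP_TABLE_FULL };

struct session { uint32_t src_ip; uint16_t src_port; uint8_t in_use; };

struct handler {
    struct session table[MAX_SESSIONS];
    unsigned active;        /* occupied slots; never exceeds MAX_SESSIONS */
    unsigned drops[4];      /* rejections per verdict, exported for monitoring */
};

void handler_init(struct handler *h) { memset(h, 0, sizeof *h); }

unsigned count_for_source(const struct handler *h, uint32_t ip)
{
    unsigned n = 0;
    for (unsigned i = 0; i < MAX_SESSIONS; i++)
        if (h->table[i].in_use && h->table[i].src_ip == ip)
            n++;
    return n;
}

/* Vulnerable pattern (for contrast, not compiled): allocate a fresh context
 * for every datagram with no cap, so memory grows with the sender's packet
 * rate until allocation fails or the device stalls:
 *     ctx = malloc(sizeof *ctx);  list_append(&sessions, ctx);            */

/* Hardened handler: checks run cheapest first and every rejection is counted,
 * so a sudden rise in any drop counter is a detection signal in itself. */
enum verdict handle_datagram(struct handler *h, uint32_t src_ip,
                             uint16_t src_port, size_t payload_len)
{
    enum verdict v;
    if (payload_len > MAX_PAYLOAD)
        v = DROP_OVERSIZE;
    else if (count_for_source(h, src_ip) >= MAX_PER_SOURCE)
        v = DROP_SOURCE_QUOTA;
    else if (h->active >= MAX_SESSIONS)
        v = DROP_TABLE_FULL;
    else {
        for (unsigned i = 0; i < MAX_SESSIONS; i++) {
            if (!h->table[i].in_use) {
                h->table[i].src_ip = src_ip;
                h->table[i].src_port = src_port;
                h->table[i].in_use = 1;
                break;
            }
        }
        h->active++;
        return ACCEPTED;
    }
    h->drops[v]++;
    return v;
}

/* Releases a context when its request completes or times out. */
void release_session(struct handler *h, uint32_t src_ip, uint16_t src_port)
{
    for (unsigned i = 0; i < MAX_SESSIONS; i++) {
        if (h->table[i].in_use && h->table[i].src_ip == src_ip &&
            h->table[i].src_port == src_port) {
            h->table[i].in_use = 0;
            h->active--;
            return;
        }
    }
}

/* Simulates one source sending n request datagrams from distinct ports and
 * returns how many contexts it managed to occupy. */
unsigned simulate_flood(struct handler *h, uint32_t src_ip, unsigned n)
{
    for (unsigned i = 0; i < n; i++)
        handle_datagram(h, src_ip, (uint16_t)(40000 + i), 64);
    return count_for_source(h, src_ip);
}

int main(void)
{
    struct handler h;
    handler_init(&h);
    /* Constructed flood: 1000 datagrams from the single address 10.0.0.1. */
    unsigned held = simulate_flood(&h, 0x0A000001u, 1000);
    printf("contexts held by flooding source: %u of %u\n", held, MAX_SESSIONS);
    printf("datagrams dropped on source quota: %u\n", h.drops[DROP_SOURCE_QUOTA]);
    return 0;
}
```

The per-source quota is what keeps one peer from starving everyone else; the global cap is what keeps memory bounded when many sources are involved. Both counters belong in the device's diagnostics, because a flood that is successfully absorbed still tells a defender that something on the network is misbehaving.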
CISA’s Recommendations and Mitigation Strategies
In light of these vulnerabilities, CISA has recommended a set of best practices to help organizations defend against exploitation. These include:
- Control system devices should be placed behind firewalls and isolated from business networks to reduce the risk of unauthorized access.
- When remote access is necessary, organizations should employ secure methods, such as Virtual Private Networks (VPNs), to protect data transmissions. However, CISA emphasized that VPNs themselves are only as secure as the devices connected to them and should be regularly updated.
- Organizations should ensure that all affected systems are updated to the latest software versions, as vendors like Beckhoff and Delta Electronics have released patches to fix the vulnerabilities.
- Administrative users should adhere to best practices for access control, such as minimizing administrative privileges and closely monitoring user input.