March 22, 2023 | Rabbi Lakshmanan | ICS/SCADA security

The US Cybersecurity and Infrastructure Security Agency (CISA) released eight industrial control systems (ICS) advisories on Tuesday, warning of serious flaws affecting equipment from Delta Electronics and Rockwell Automation.

This includes 13 security vulnerabilities in InfraSuite Device Master, Delta Electronics’ real-time device monitoring software. All versions prior to 1.0.5 are affected by this issue.

“Successfully exploiting these vulnerabilities could allow an unauthenticated attacker to gain access to files and credentials, elevate privileges, and remotely execute arbitrary code,” CISA said.

Top of the list is CVE-2023-1133 (CVSS score: 9.8), a flaw in which InfraSuite Device Master accepts unvalidated UDP packets and deserializes their content, allowing an unauthenticated, remote attacker to execute arbitrary code.

Two other deserialization flaws, CVE-2023-1139 (CVSS score: 8.8) and CVE-2023-1145 (CVSS score: 7.8) can also be weaponized to execute code remotely, CISA warns.

Piotr Bazydlo and an anonymous security researcher are credited for finding the flaw and reporting it to CISA.

Another set of vulnerabilities is related to Rockwell Automation’s ThinManager ThinServer and affects the following versions of thin client and Remote Desktop Protocol (RDP) server management software –

  • 6.x – 10.x
  • 11.0.0 – 11.0.5
  • 11.1.0 – 11.1.5
  • 11.2.0 – 11.2.6
  • 12.0.0 – 12.0.4
  • 12.1.0 – 12.1.5, and
  • 13.0.0 – 13.0.1

The most serious of the issues are two path traversal flaws, tracked as CVE-2023-28755 (CVSS score: 9.8) and CVE-2023-28756 (CVSS score: 7.5), that could allow an unauthenticated, remote attacker to upload arbitrary files to the directory where ThinServer.exe is installed.

To make matters worse, an attacker could weaponize CVE-2023-28755 and overwrite an existing executable with a trojanized version to execute code remotely.


“Successfully exploiting these vulnerabilities may allow an attacker to execute remote code or cause software to crash on the target system/device,” CISA said.

Users are advised to update to versions 11.0.6, 11.1.6, 11.2.7, 12.0.5, 12.1.6, and 13.0.2 to mitigate potential threats. ThinManager ThinServer versions 6.x through 10.x have been deprecated and should be upgraded to a supported version.
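As an added example (not code from CISA, Rockwell Automation, or the original article), the following Python script triages installed ThinServer versions against the affected ranges and fixed releases listed above. The inventory, hostnames and function names are constructed for illustration, and a version reported without a patch component is treated as x.y.0.

```python
import re

# Fixed patch level per branch, taken from the article: each affected range
# runs from x.y.0 up to the release just before the fix.
FIXED = {
    (11, 0): 6,
    (11, 1): 6,
    (11, 2): 7,
    (12, 0): 5,
    (12, 1): 6,
    (13, 0): 2,
}
DEPRECATED_MAJORS = range(6, 11)  # 6.x through 10.x: affected and deprecated


def parse_version(text):
    """Return (major, minor, patch) from strings like '11.2.6' or 'v12.0'."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)*\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.groups()
    # Assumption: a missing patch component is read as 0 (the cautious choice).
    return int(major), int(minor), int(patch or 0)


def triage(version):
    """Classify one installed version; returns (status, action)."""
    major, minor, patch = parse_version(version)
    if major in DEPRECATED_MAJORS:
        return "affected-deprecated", "upgrade to a supported version"
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        # Branch not mentioned in the article: do not guess either way.
        return "not-listed", "check the vendor advisory for this branch"
    if patch < fixed_patch:
        return "affected", f"update to {major}.{minor}.{fixed_patch}"
    return "fixed", "none"


if __name__ == "__main__":
    # Constructed inventory: hostnames and versions are made up for the demo.
    inventory = {"hmi-srv-01": "11.2.6", "hmi-srv-02": "12.1.6",
                 "hmi-srv-03": "9.4", "hmi-srv-04": "13.0.1"}
    for host, ver in sorted(inventory.items()):
        status, action = triage(ver)
        print(f"{host:12} {ver:8} {status:20} {action}")
```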

As a workaround, it is also recommended to restrict remote access on port 2031/TCP to known thin clients and ThinManager servers.

The disclosure comes more than six months after CISA warned of a vulnerability in Rockwell Automation ThinManager ThinServer (CVE-2022-38742, CVSS score: 8.1) that could lead to arbitrary remote code execution.
