
CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems



Jan 18, 2023 | Ravie Lakshmanan | ICS/SCADA Security


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published four Industrial Control Systems (ICS) advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec.

The most critical of the issues were identified in Siemens SINEC INS and could lead to remote code execution via a path traversal flaw (CVE-2022-45092, CVSS score: 9.9) and command injection (CVE-2022-2068, CVSS score: 9.8).

Also patched by Siemens are an authentication bypass vulnerability in the llhttp parser (CVE-2022-35256, CVSS score: 9.8) and an out-of-bounds write bug in the OpenSSL library (CVE-2022-2274, CVSS score: 9.8) that could be exploited to trigger remote code execution.

The German automation company, in December 2022, released Service Pack 2 Update 1 software to mitigate the flaws.

Separately, a critical flaw has also been revealed in GE Digital’s Proficy Historian solution that could result in code execution regardless of authentication status. The issue, tracked as CVE-2022-46732 (CVSS score: 9.8), impacts Proficy Historian versions 7.0 and higher, and has been remediated in Proficy Historian 2023.

“An attacker can take advantage of this fact and bypass the historian authentication by impersonating a local service,” Uri Katz, security researcher at industrial security firm Claroty, said. “This allows remote attackers the ability to log in to any GE Proficy Historian server and force it to perform unauthorized actions.”

CISA also updated an ICS advisory that was published last month, detailing a critical command injection vulnerability in Contec CONPROSYS HMI System (CVE-2022-44456, CVSS score: 10.0) that could permit a remote attacker to send specially crafted requests to execute arbitrary commands.

While this shortcoming was patched by Contec in version 3.4.5, the software has since been found to be vulnerable to four additional defects that could lead to information disclosure and unauthorized access.

Users of CONPROSYS HMI System are advised to update to version 3.5.0 or later, in addition to taking steps to minimize network exposure and isolate such devices from business networks.

The advisories come less than a week after CISA released 12 such alerts warning of critical flaws impacting software from Sewio, InHand Networks, Sauter Controls, and Siemens.
