On January 11, 2024 [1] [2], the US Cybersecurity and Infrastructure Security Agency (CISA) released advisories addressing security issues and vulnerabilities in nine industrial control systems (ICS) products used in critical infrastructure sectors such as energy, manufacturing [2], and transportation [2].
Description
These advisories cover systems from Rapid Software LLC [1], Horner Automation [1], Schneider Electric [1], and Siemens [1]. The affected products include Rapid SCADA, Cscape [1], Easergy Studio [1], Teamcenter Visualization [1], Spectrum Power 7 [1], SICAM A8000 [1], SIMATIC CN 4100 [1], and Solid Edge [1]. The vulnerabilities identified in these advisories range from high to critical severity.
CISA advises users and administrators in these sectors to review the technical details provided and implement recommended mitigations. These include keeping systems up-to-date with new updates [2], minimizing network exposure for control system devices [2], isolating control system networks from business networks [2], and using secure methods like virtual private networks (VPNs) for remote access [2].
Additionally, CISA announced that they will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory issued on January 10, 2024 [2].
Conclusion
This release aims to enhance the cybersecurity posture of critical infrastructure relying on industrial control systems [1]. It highlights the collaborative effort between CISA and industrial system stakeholders in maintaining resilience and security against evolving threats [1]. Users and administrators in the affected sectors should take immediate action to address the identified vulnerabilities and implement the recommended mitigations to safeguard their systems and infrastructure.
References
[1] https://cybermaterial.com/cisa-issues-nine-ics-security-advisories/
[2] https://www.infosecurity-magazine.com/news/cisa-critical-infrastructure-patch/
