Source |
Cyble |
Identifier |
8644292 |
Publication date |
2025-01-29 13:01:36 (viewed: 2025-01-29 13:08:09) |
Title |
New ICS Vulnerabilities Discovered in Schneider Electric and B&R Automation Systems |
Text |
Overview
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued two urgent advisories regarding serious vulnerabilities in industrial control system (ICS) products. These ICS vulnerabilities, identified in Schneider Electric's RemoteConnect and SCADAPack x70 Utilities, as well as B&R Automation's Runtime software, pose risks to critical infrastructure systems worldwide. If exploited, they could have potentially devastating impacts on the integrity, confidentiality, and availability of systems within energy, critical manufacturing, and other essential sectors.
Schneider Electric's Vulnerability in RemoteConnect and SCADAPack x70 Utilities
The ICS vulnerability in Schneider Electric's RemoteConnect and SCADAPack x70 Utilities arises from the deserialization of untrusted data, identified as CWE-502. This flaw could allow attackers to achieve remote code execution on affected workstations, leading to several security risks, including the loss of confidentiality and integrity. The issue is triggered when a non-admin authenticated user opens a malicious project file, which could potentially be introduced through email, file sharing, or other methods.
Schneider Electric has assigned the CVE identifier CVE-2024-12703 to this vulnerability, with a base CVSS v3 score of 7.8 and a CVSS v4 score of 8.5. Both scores highlight the severity of the issue, with potential consequences including unauthorized remote code execution.
This vulnerability affects all versions of both RemoteConnect and SCADAPack x70 Utilities, products widely deployed in sectors such as energy and critical manufacturing across the globe. Although Schneider Electric is working on a remediation plan for future product versions, there are interim steps that organizations can take to mitigate the risk. These include:
Only opening project files from trusted sources
Verifying file integrity by computing and checking hashes regularly
Encrypting project files and restricting access to trusted users
Using secure communication protocols when exchanging files over the network
Following established SCADAPack Security Guidelines for added protection
CISA recommends minimizing the network exposure of control system devices, ensuring they are not directly accessible from the internet, and placing control system networks behind firewalls to isolate them from business networks. When remote access is necessary, using secure methods like Virtual Private Networks (VPNs) is strongly advised. However, organizations should ens |
Notes |
★★★★
|
Sent |
Yes |
Tags |
Vulnerability
Threat
Patching
Industrial
|