Overview 

The recent Weekly Industrial Control System Vulnerability Intelligence Report from Cyble Research & Intelligence Labs (CRIL) covers the vulnerabilities disclosed by the Cybersecurity and Infrastructure Security Agency (CISA) from November 26, 2024, to December 02, 2024.  

The report sheds light on online threats, especially vulnerabilities affecting critical systems such as those from Schneider Electric and Hitachi Energy, two of the most prominent vendors in the ICS sector. During the report’s timeframe, CISA issued five major security advisories, focusing on 12 vulnerabilities that impact a wide range of ICS products.  

These vulnerabilities have been identified in devices and systems from key vendors, including Schneider Electric and Hitachi Energy. The vulnerabilities identified in these systems are critical to address due to their potential to expose vital infrastructures to cyberattacks.  

Schneider Electric: A Major Focus for ICS Vulnerabilities  

Schneider Electric, a leading vendor of control systems, was prominently featured in the advisories due to the numerous vulnerabilities impacting their devices. These vulnerabilities range from issues with weak password recovery mechanisms to the use of hard-coded credentials, both of which pose a risk to the integrity of ICS devices.  

Among the affected products is the PM5560 series, which includes multiple versions susceptible to vulnerabilities like weak password recovery mechanisms for forgotten passwords (CVE-2021-22763). This flaw, coupled with improper authentication (CVE-2021-22764), increases the potential for unauthorized access. Such vulnerabilities undermine the effectiveness of ICS security, allowing attackers to potentially take control over critical systems like actuators, sensors, and power supplies.  

One particularly concerning vulnerability (CVE-2023-6408) affects the Modicon M340 CPU and other related Schneider Electric products. This vulnerability arises from improper message integrity enforcement during transmission across communication channels, which could allow attackers to manipulate the integrity of communications between devices, creating openings for man-in-the-middle attacks. The high-severity nature of this vulnerability highlights the ongoing need for organizations to implement stronger security practices, including effective patch management and encryption protocols.  

Additionally, Schneider Electric’s use of hard-coded credentials (CVE-2023-6409) in its devices presents a high-risk issue, making it easier for attackers to gain access to systems. This particular vulnerability is found in several product lines, including the Modicon M580 and Modicon M340 CPUs, which are integral to many ICS operations. These devices are widely used in critical sectors such as energy and manufacturing. 

Hitachi Energy: Security Flaws in SCADA and Control Systems  

Another major player in the ICS sector, Hitachi Energy, also faced critical security challenges during the same reporting period. The vulnerabilities affecting Hitachi’s MicroSCADA Pro/X SYS600 system are especially concerning because they affect key operational components within control systems and supervisory control and data acquisition (SCADA) environments.   

These vulnerabilities could allow attackers to bypass authentication (CVE-2024-3982), potentially gaining unauthorized access to control systems that are vital for managing electricity grids and other industrial processes. Additionally, path traversal vulnerabilities (CVE-2024-3980) were identified, which could allow an attacker to manipulate file paths within the system, gaining unauthorized access to sensitive files.  

These vulnerabilities are classified as high and critical risks, as they could be exploited by attackers to infiltrate ICS systems, causing online disruption to operations. A notable vulnerability in Hitachi Energy’s systems is the authentication bypass by the capture-replay flaw (CVE-2024-3982), which allows attackers to bypass authentication mechanisms by replaying captured credentials.  

Given the high-security requirements of control systems like SCADA, the existence of this vulnerability calls for immediate attention from organizations to ensure these critical systems remain secure. The MicroSCADA Pro/X SYS600 system is also affected by a missing authentication for critical functions (CVE-2024-7940) vulnerability. This flaw could enable attackers to exploit critical functions within the system without proper authentication, allowing them to manipulate system settings or gain unauthorized access to sensitive data.  

The Severity of ICS Vulnerabilities  

The vulnerabilities analyzed in the CRIL report show that the majority of the vulnerabilities in ICS systems fall under high severity. This highlights the critical need for organizations operating ICS devices to adopt proactive cybersecurity measures. Weak passwords, improper authentication, and hard-coded credentials are among the most common issues found across various ICS products. Addressing these vulnerabilities requires rigorous patch management practices, including regular updates and configuration checks.  

The vulnerabilities disclosed by CISA and highlighted in the report are particularly important as they impact critical infrastructure sectors such as energy, critical manufacturing, and communications. Schneider Electric and Hitachi Energy alone account for a notable portion of the vulnerabilities in the ICS space, underlining the need for greater focus on security within the industrial sector.  

Impact on Critical Infrastructure Sectors  

A sector-wise analysis of the vulnerabilities reveals that Critical Manufacturing accounts for the largest portion of vulnerabilities, with an overwhelming 83.3% of the cases. This is due to the expansive operations and critical nature of manufacturing processes that rely heavily on ICS.  

In contrast, the Energy sector, which includes power grids and electrical infrastructure, accounts for 8.3% of the reported vulnerabilities, while the Wastewater Systems sector is also impacted with a similar share. The Commercial Facilities sector reports the smallest share, with only 0.8% of the vulnerabilities.  

This distribution denotes the varied risk levels across critical infrastructure sectors and emphasizes the importance of prioritizing cybersecurity efforts, particularly in manufacturing and energy, where ICS vulnerabilities could lead to more severe consequences.  

Mitigation Strategies and Recommendations  

Here are some of the best practices recommended to mitigate potential risks:  

1. It is essential to regularly update systems and apply patches as soon as they are released. Many vulnerabilities in ICS are a result of outdated software or firmware, which can be addressed by keeping systems up to date.  

2. Implementing a zero-trust security model is crucial in preventing unauthorized access. This involves treating every request for access as if it originates from an untrusted source, requiring strict verification before granting access.  

3. By segmenting networks, organizations can limit the ability of attackers to move laterally across systems, thus reducing the risk of widespread damage.  

4. Strengthening authentication protocols, such as using multi-factor authentication (MFA), is critical to reducing the likelihood of unauthorized access to ICS devices.  

5. Continuous security assessments through vulnerability scans, penetration testing, and audits help identify potential security gaps in ICS before they can be exploited by attackers.  

6. Organizations should invest in cybersecurity training programs for employees to ensure they are aware of the risks posed by phishing, social engineering, and other attack methods.  

Conclusion  

The vulnerabilities in ICS highlighted in the latest report from CISA, along with those analyzed by Cyble Research & Intelligence Labs, highlight the increasing risks faced by critical infrastructure sectors. With vulnerabilities in high-severity products from vendors like Schneider Electric and Hitachi Energy, it is important that organizations address these potential threats before they can compromise sensitive information.  

By implementing security measures, including effective patch management, strong authentication protocols, and comprehensive training programs, organizations can better protect their ICS systems from cybersecurity risks. 

Related