InfoSecBulletin Cybersecurity for mankind
CISA published an advisory on May 28, 2024, about Industrial Control Systems (ICS). They share important information about security issues, vulnerabilities, and exploits related to ICS.
ICSA-24-149-01 Campbell Scientific CSI Web Server:
WhatsApp banned on all US House of Representatives devices
Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store
OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems
Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform
Hackers Bypass Gmail MFA With App-Specific Password Reuse
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
The Campbell Scientific CSI Web Server supports a command that will return the most recent file that matches a given expression. A specially crafted expression can lead to a path traversal vulnerability. This command combined with a specially crafted expression allows anonymous, unauthenticated access (allowed by default) by an attacker to files and directories outside of the webserver root directory they should be restricted to. CVE-2024-5433 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated
Successful exploitation of these vulnerabilities could allow an attacker to download files and decode stored passwords.
AFFECTED PRODUCTS
The following versions of Campbell Scientific CSI Web Server and RTMC (Real-Time Monitoring and Control) Pro, which contains the CSI Web Server are affected:
Campbell Scientific CSI Web Server: Versions 1.6 and prior
RTMC Pro: Version 5.0 and prior
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
