InfoSecBulletin Cybersecurity for mankind
CISA published an advisory on May 28, 2024, about Industrial Control Systems (ICS). They share important information about security issues, vulnerabilities, and exploits related to ICS.
ICSA-24-149-01 Campbell Scientific CSI Web Server:
CISA confirms hackers possibly access CSAT January incident
LockBit Claims 33 TB of US Federal Reserve Data
Indonesia’s National data center compromised, $8M ransom demand
ESET Issues Security Patch for Privilege Escalation Flaw
Hacker offer zero-day RCE exploit of Atlassian Jira for Sale
US bans Kaspersky software over Russia ties
China-linked spies target Asian Telcos since 2021
Azad selected expert reviewer for CISA Review Manual 28th Edition
Attackers Target AWS Vaults, Buckets, and Secrets
CISA released Guidance for Modern Approaches to Network Access Security
The Campbell Scientific CSI Web Server supports a command that will return the most recent file that matches a given expression. A specially crafted expression can lead to a path traversal vulnerability. This command combined with a specially crafted expression allows anonymous, unauthenticated access (allowed by default) by an attacker to files and directories outside of the webserver root directory they should be restricted to. CVE-2024-5433 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated
Successful exploitation of these vulnerabilities could allow an attacker to download files and decode stored passwords.
AFFECTED PRODUCTS
The following versions of Campbell Scientific CSI Web Server and RTMC (Real-Time Monitoring and Control) Pro, which contains the CSI Web Server are affected:
Campbell Scientific CSI Web Server: Versions 1.6 and prior
RTMC Pro: Version 5.0 and prior
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
