CISA released three Industrial Control Systems (ICS) advisories on July 6, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:
ICSA-23-187-01 PiiGAB M-Bus
ICSA-23-187-02 ABUS TVIP
ICSA-23-143-03 Mitsubishi Electric MELSEC Series CPU module (Update A)
Industrial Control Systems vulnerabilities: PiiGAB M-Bus
These vulnerabilities include:
Code injection (CVE-2023-36859)
Improper restriction of authentication attempts (CVE-2023-33868)
Unprotected transport of credentials (CVE-2023-31277)
Use of hard-coded credentials (CVE-2023-35987)
Plaintext storage of passwords (CVE-2023-35765)
Cross-site scripting (CVE-2023-32652)
Weak password requirements (CVE-2023-34995)
Use of weak password hash (CVE-2023-34433)
Cross-site request forgery (CVE-2023-35120)
Industrial Control Systems vulnerabilities: ABUS TVIP
ABUS, a vendor of security camera systems, has identified a vulnerability in its ABUS TVIP indoor security camera that could allow remote attackers to execute arbitrary code. The vulnerability, a command injection, occurs when an attacker is able to inject malicious code into a system by exploiting a flaw in the application’s input validation. In this case, the vulnerability exists in a specific field of the camera’s configuration.
Once the attacker has successfully injected the malicious code, they can then execute it on the system, which could lead to a variety of consequences, such as arbitrary file reads or remote code execution. The severity of this vulnerability is rated as moderate, and public exploits are available. ABUS has released a patch for the vulnerability, and users are advised to update their cameras as soon as possible.
Industrial Control Systems vulnerabilities: Mitsubishi Electric MELSEC Series CPU module
Mitsubishi Electric has released a firmware update to address a vulnerability in its MELSEC Series CPU modules. The vulnerability, tracked as CVE-2023-1424, is a classic buffer overflow that could allow a remote attacker to cause a denial-of-service condition or execute malicious code.
The vulnerability exists due to inadequate input size checks in the affected modules. An attacker could exploit this vulnerability by sending specially crafted packets to the affected modules. If successful, the attacker could cause a denial-of-service condition or execute malicious code on the affected system.
Mitsubishi Electric has released firmware updates to address this vulnerability. Users are advised to update their firmware as soon as possible.