
Authentication bypass in Wago PLC web management console
Wago has released patches for a number of vulnerabilities affecting several products. Two critical vulnerabilities allow authentication bypass in the web-based management interface of affected components. These were independently discovered through research conducted at the Georgia Institute of Technology’s Cyber-Physical Security Lab.
Splice shields vulnerable OT equipment inside an encrypted overlay network.

CISA Notifies Hitachi Energy Customers of High-Severity Vulnerabilities
The US Cybersecurity and Infrastructure Security Agency (CISA) published advisories last week to inform organizations using Hitachi Energy products about several recently addressed critical and high-severity vulnerabilities.
- Cybersecurity Advisory – Incomplete Access Control Vulnerability in User Asset Group Feature of Hitachi Energy’s Lumada APM Product [CVE-2022-2155]
- Cybersecurity Advisory – OpenSSL and Zlib Related Vulnerabilities in Hitachi Energy’s Lumada Asset Performance Management (APM) Product [CVE-2022-3602, CVE-2022-3786, CVE-2022-37434]
- Cybersecurity Advisory – Multiple Vulnerabilities in Hitachi Energy FOXMAN-UN Product [CVE-2021-40341, CVE-2021-40342, CVE-2022-3927, CVE-2022-3928, CVE-2022-3929]
- Cybersecurity Advisory – Multiple Vulnerabilities in Hitachi Energy’s UNEM Product [CVE-2021-40341, CVE-2021-40342, CVE-2022-3927, CVE-2022-3928, CVE-2022-3929]
- Cybersecurity Advisory – OpenSSL v3.x Related Vulnerabilities in Hitachi Energy’s Network Manager Process Communication Unit PCU400 Product [CVE-2022-3602, CVE-2022-3786]
CISA has published advisories describing flaws in Hitachi Energy’s products, ranging from UNEM and FOXMAN-UN, both part of its Network Management System (NMS) suite, to OpenSSL and Zlib components.
The flaws relate to the encryption of user credentials, which can be exploited to obtain sensitive information and modify the systems through network access. The OpenSSL vulnerability can be exploited to cause denial of service (DoS) and has been classified as ‘High Severity’, while the Zlib vulnerability is classified as ‘Critical’ and can allow arbitrary code execution.
- The UNEM vulnerability stems from the use of DES encryption, which is no longer deemed secure due to its short 56-bit key; this could allow the cipher to be decrypted in a very short time. Encryption with a default DES key could also be exploited to obtain sensitive information. Hard-coded credentials in the message queue are also vulnerable to exploitation.
- The same issues for UNEM also exist in the FOXMAN-UN products.
The OpenSSL and Zlib vulnerabilities affect versions of Lumada APM. OpenSSL’s buffer overflow vulnerabilities can trigger an X.509 certificate verification that can be used to force APM to connect to malicious servers. The Zlib library contains an out-of-bounds write vulnerability, and exploitation can cause DoS or execution of arbitrary code.
Splice shields vulnerable OT equipment such as this inside an encrypted overlay network, reducing the cyber attack surface.

Medical Device Cybersecurity Operational Technology (OT) Requirements US 2023 Bill

ABB Flow control vulnerabilities
An ABB Totalflow path traversal vulnerability in ABB G5 products provides root access, impacting safety as well as billing. ABB recommends network segmentation and firmware updates.
Splice shields vulnerable OT equipment such as this inside an encrypted overlay network, reducing the cyber attack surface.

CISA releases Cybersecurity Performance Goals
The US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has released a set of cross-sector Cybersecurity Performance Goals (CPGs), an excellent resource for organisations getting started with OT cybersecurity.
Splice can bring visibility and protection in many of these areas by shielding vulnerable devices inside an encrypted overlay network.

More healthcare IoT woes: Infusion Pumps
Multiple vulnerabilities exist in Baxter SIGMA Spectrum Infusion Pumps and SIGMA Wi-Fi battery TCP/IP-enabled medical devices. Baxter advises physical access restrictions (is this even possible in most healthcare settings?), secure disposal and network isolation.
Splice shields vulnerable biomedical devices inside an encrypted overlay network.

Healthcare woes: bedside monitor vulnerabilities
Multiple vulnerabilities have been discovered in Patient Bedside Monitors from Contec. As no patches are available yet, physical access restriction and network isolation are advised.
Splice shields vulnerable OT equipment inside an encrypted overlay network, allowing for these devices to continue in operation without exposure to threats on the infrastructure network.

US Telecoms companies to inventory OT
The National Security Telecommunications Advisory Committee (NSTAC) is to recommend that the Cybersecurity and Infrastructure Security Agency (CISA) issue an order requiring all Federal civilian agencies to catalog all of their operational technology (OT) devices and systems as one of many steps to improve OT cybersecurity in government and the private sector.
Splice passively discovers OT nodes across the network, and shields OT equipment inside an encrypted overlay network.

PLC “Password Recovery” tools planting Malware
PLC password recovery tools have been discovered that leave a little malware behind, harnessing engineering workstations as botnet slaves.
Splice detects anomalous behaviour from OT nodes (including Engineering Stations within the OT network), and shields OT equipment inside an encrypted overlay network.