Queue up the compromise
5 10/10 CVSS vulnerabilities are threatening Critical Infrastructure where Moxa MXView is deployed.
Moxa recommends firewalling these systems.
Splice shields vulnerable OT equipment inside an encrypted overlay network.
Mandatory Security Monitoring for Electric Grid
The US Federal Energy Regulatory Commission (FERC) is proposing a rule to make security monitoring of internal electricity networks a mandatory NERC standard.
The requirement is aimed to “ensure that responsible entities maintain visibility over communications between networked devices,”
Splice provides deep security visibility into ICS traffic, profiling network behaviors, and automating anomaly and outlier detections through powerful machine learning algorithms.
OMG DDS vulnerabilities
Object Management Group (OMG) Data-Distribution Service (DDS) implementation issues exposing numerous vendor systems. Some patches are available. CISA recommends to
- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
- Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.
The following vendors are affected:
- Eclipse CycloneDDS: All versions prior to 0.8.0
- eProsima Fast DDS: All versions prior to 2.4.0 (#2269)
- GurumNetworks GurumDDS: All versions
- Object Computing, Inc. (OCI) OpenDDS: All versions prior to 3.18.1
- Real-Time Innovations (RTI) Connext DDS Professional and Connext DDS Secure: Versions 4.2x to 6.1.0
- RTI Connext DDS Micro: Versions 3.0.0 and later
- TwinOaks Computing CoreDX DDS: All versions prior to 5.9.1
Siemens Nucleus Vulnerabilities
Siemens Nucleus RTOS TCP/IP Stack exposes Nucleus Net, Nucleus ReadyStart, and Capital VSTAR equipment.
Siemens has released updates for several of the affected products and recommends updating to the latest versions. Siemens recommends countermeasures for products where updates are not available. Siemens has not identified any additional specific workarounds or mitigations.
Phillips MRI Vulnerabilities
Improper Access Control, Incorrect Ownership Assignment, and Exposure of Sensitive Information affecting Phillips MRI systems. Expect a patch only in October 2022.
CVSS 10 Jackpot for Honeywell Controllers
File upload, path traversal and output validation issues allow for remotely executable, low complexity attacks against Honeywell Experion Process Knowledge System (PKS) C200, C200E, C300 and ACE Controllers.
Cyber exposures in Insulin remotes
Medtronic MiniMed Remote Controllers (model MMT-500 and MMT-503) used with a Medtronic MiniMed 508 insulin pump or the MiniMed Paradigm family of insulin pumps recalled due to man-in-the-middle vulnerabilities.
Critical bugs in IoT TCP/IP Stacks
Critical and high severity vulnerabilities affect a proprietary TCP/IP stack (NicheStack) used by at least 200 industrial automation vendors, with outcomes including remote code execution and DoS.
Mitsubishi advises isolation as mitigation
Countermeasures per some of the latest Misubishi vulnerability bulletins include ensuring isolation / firewalling whilst fixes are being developed.