(I)IoT Security News
News, Vulnerabilities

Siemens SPPA-T3000

Siemens SPPA-T3000

1. Siemens SPPA-T3000-EXECUTIVE SUMMARY

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code on the server, cause a denial-of-service condition, view and modify passwords, gain root privileges, access sensitive information, and read and write arbitrary files on the local system.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens reports the vulnerabilities affect the following SPPA-T3000 products:

3.2 VULNERABILITY OVERVIEW

Note that an attacker must have network access to the Application Server, MS3000, or access to the Application Highway in order to exploit these vulnerabilities.

3.2.1    IMPROPER INPUT VALIDATION CWE-20

Specially crafted messages sent to the RPC service of the affected products could cause a denial-of-service condition on the remote and local communication functionality of the affected products. A reboot of the system is required to recover the remote and local communication functionality.

CVE-2018-4832 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

3.2.2    DESERIALIZATION OF UNTRUSTED DATA CWE-502

The AdminService is available without authentication on the Application Server. An attacker can gain remote code execution by sending specially crafted objects to one of its functions.

CVE-2019-18283 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.3    IMPROPER AUTHENTICATION CWE-287

The AdminService is available without authentication on the Application Server. An attacker can use methods exposed via this interface to receive password hashes of other users and to change user passwords.

CVE-2019-18284 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.4    CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319

The RMI communication between the client and the Application Server is unencrypted. An attacker with access to the communication channel can read credentials of a valid user.

CVE-2019-18285 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).

3.2.5    IMPROPER AUTHENTICATION CWE-287

The Application Server exposes directory listings and files containing sensitive information.

CVE-2019-18286 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

3.2.6    IMPROPER AUTHENTICATION CWE-287

The Application Server exposes directory listings and files containing sensitive information.

CVE-2019-18287 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

3.2.7    UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434

An attacker with valid authentication at the RMI interface could gain remote code execution through an unsecured file upload.

CVE-2019-18288 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.8    HEAP-BASED BUFFER OVERFLOW CWE-122

An attacker with network access to the MS3000 Server could trigger a denial-of-service condition and gain remote code execution by sending specially crafted packets to Port 5010/TCP.

CVE-2019-18289, has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.9    HEAP-BASED BUFFER OVERFLOW CWE-122

An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 5010/TCP.

CVE-2019-18290 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

3.2.10    HEAP-BASED BUFFER OVERFLOW CWE-122

An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 5010/TCP.

CVE-2019-18291 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

3.2.11    HEAP-BASED BUFFER OVERFLOW CWE-122

An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 5010/TCP.

CVE-2019-18292 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

3.2.12    HEAP-BASED BUFFER OVERFLOW CWE-122

An attacker with network access to the MS3000 Server could trigger a denial-of-service condition and gain remote code execution by sending specially crafted packets to Port 5010/TCP.

CVE-2019-18293 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.13    HEAP-BASED BUFFER OVERFLOW CWE-122

An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 5010/TCP.

CVE-2019-18294 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

3.2.14    HEAP-BASED BUFFER OVERFLOW CWE-122

An attacker with network access to the MS3000 Server could trigger a denial-of-service condition and gain remote code execution by sending specially crafted packets to Port 5010/TCP.

CVE-2019-18295 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.15    HEAP-BASED BUFFER OVERFLOW CWE-122

An attacker with network access to the MS3000 Server could trigger a denial-of-service condition and gain remote code execution by sending specially crafted packets to Port 5010/TCP.

CVE-2019-18296 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.16    HEAP-BASED BUFFER OVERFLOW CWE-122

An attacker with local access to the MS3000 Server and low privileges could gain root privileges by sending specially crafted packets to a named pipe.

CVE-2019-18297 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.17    INTEGER OVERFLOW OR WRAPAROUND CWE-190

An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 5010/TCP.

CVE-2019-18298 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

3.2.18    INTEGER OVERFLOW OR WRAPAROUND CWE-190

An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 5010/TCP.

CVE-2019-18299 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

3.2.19    INTEGER OVERFLOW OR WRAPAROUND CWE-190

An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 5010/TCP.

CVE-2019-18300 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

3.2.20    INTEGER OVERFLOW OR WRAPAROUND CWE-190

An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 5010/TCP.

CVE-2019-18301 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

3.2.21    INTEGER OVERFLOW OR WRAPAROUND CWE-190

An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 5010/TCP.

CVE-2019-18302 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

3.2.22    INTEGER OVERFLOW OR WRAPAROUND CWE-190

An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 5010/TCP.

CVE-2019-18303 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

3.2.23    INTEGER OVERFLOW OR WRAPAROUND CWE-190

An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 5010/TCP.

CVE-2019-18304 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

3.2.24    INTEGER OVERFLOW OR WRAPAROUND CWE-190

An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 5010/TCP.

CVE-2019-18305 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

3.2.25    OUT-OF-BOUNDS READ CWE-125

An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 5010/TCP.

CVE-2019-18306 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

3.2.26    OUT-OF-BOUNDS READ CWE-125

An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 5010/TCP.

CVE-2019-18307 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

3.2.27    IMPROPER ACCESS CONTROL CWE-284

An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file system.

CVE-2019-18308 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.28    IMPROPER ACCESS CONTROL CWE-284

An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file system.

CVE-2019-18309 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.2.29    STACK-BASED BUFFER OVERFLOW CWE-121

An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 7061/TCP.

CVE-2019-18310 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

3.2.30    SFP SECONDARY CLUSTER: MISSING AUTHENTICATION CWE-952

An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 7061/TCP.

CVE-2019-18311 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

3.2.31    IMPROPER AUTHENTICATION CWE-287

An attacker with network access to the MS3000 Server could be able to enumerate running RPC services.

CVE-2019-18312 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

3.2.32    UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434

An attacker with network access to the MS3000 Server could gain remote code execution by sending specially crafted objects to one of the RPC services.

CVE-2019-18313 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.33    IMPROPER AUTHENTICATION CWE-287

An attacker with network access to the Application Server could gain remote code execution by sending specially crafted objects via RMI.

CVE-2019-18314 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.34    IMPROPER AUTHENTICATION CWE-287

An attacker with network access to the Application Server could gain remote code execution by sending specially crafted packets to Port 8888/TCP.

CVE-2019-18315 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.35    DESERIALIZATION OF UNTRUSTED DATA CWE-502

An attacker with network access to the Application Server could gain remote code execution by sending specially crafted packets to Port 1099/TCP.

CVE-2019-18316 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.36    IMPROPER AUTHENTICATION CWE-287

An attacker with network access to the Application Server could cause a denial-of-service condition by sending specially crafted objects via RMI.

CVE-2019-18317 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

3.2.37    IMPROPER AUTHENTICATION CWE-287

An attacker with network access to the Application Server could cause a denial-of-service condition by sending specially crafted objects via RMI.

CVE-2019-18318 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

3.2.38    IMPROPER AUTHENTICATION CWE-287

An attacker with network access to the Application Server could cause a denial-of-service condition by sending specially crafted objects via RMI.

CVE-2019-18319 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

3.2.39    IMPROPER AUTHENTICATION CWE-287

An attacker with network access to the Application Server could be able to upload arbitrary files without authentication.

CVE-2019-18320 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

3.2.40    IMPROPER AUTHENTICATION CWE-287

An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local system by sending specially crafted packets to Port 5010/TCP.

CVE-2019-18321 has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).

3.2.41    IMPROPER AUTHENTICATION CWE-287

An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local system by sending specially crafted packets to Port 5010/TCP.

CVE-2019-18322 has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).

3.2.42    HEAP-BASED BUFFER OVERFLOW CWE-122

An attacker with network access to the MS3000 Server could cause a denial-of-service condition and gain remote code execution by sending specially crafted packets to Port 5010/TCP.

CVE-2019-18323 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.43    HEAP-BASED BUFFER OVERFLOW CWE-122

An attacker with network access to the MS3000 Server could cause a denial-of-service condition and gain remote code execution by sending specially crafted packets to Port 5010/TCP.

CVE-2019-18324 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.44    HEAP-BASED BUFFER OVERFLOW CWE-122

An attacker with network access to the MS3000 Server could cause a denial-of-service condition and gain remote code execution by sending specially crafted packets to Port 5010/TCP.

CVE-2019-18325 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.45    HEAP-BASED BUFFER OVERFLOW CWE-122

An attacker with network access to the MS3000 Server could cause a denial-of-service condition and gain remote code execution by sending specially crafted packets to Port 5010/TCP.

CVE-2019-18326 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.46    HEAP-BASED BUFFER OVERFLOW CWE-122

An attacker with network access to the MS3000 Server could cause a denial-of-service condition and gain remote code execution by sending specially crafted packets to Port 5010/TCP.

CVE-2019-18327 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.47    HEAP-BASED BUFFER OVERFLOW CWE-122

An attacker with network access to the MS3000 Server could cause a denial-of-service condition and gain remote code execution by sending specially crafted packets to Port 5010/TCP.

CVE-2019-18328 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.48    HEAP-BASED BUFFER OVERFLOW CWE-122

An attacker with network access to the MS3000 Server could cause a denial-of-service condition and gain remote code execution by sending specially crafted packets to Port 5010/TCP.

CVE-2019-18329 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.49    HEAP-BASED BUFFER OVERFLOW CWE-122

An attacker with network access to the MS3000 Server could cause a denial-of-service condition and gain remote code execution by sending specially crafted packets to Port 5010/TCP.

CVE-2019-18330 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.50    INFORMATION EXPOSURE CWE-200

An attacker with network access to the Application Server could gain access to path and filenames on the server by sending specially crafted packets to Port 1099/TCP.

CVE-2019-18331 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

3.2.51    INFORMATION EXPOSURE CWE-200

An attacker with network access to the Application Server could gain access to directory listings of the server by sending specially crafted packets to Port 80/TCP, 8095/TCP, or 8080/TCP.

CVE-2019-18332 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

3.2.52    INFORMATION EXPOSURE CWE-200

An attacker with network access to the Application Server could gain access to filenames on the server by sending specially crafted packets to Port 8090/TCP.

CVE-2019-18333 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

3.2.53    INFORMATION EXPOSURE CWE-200

An attacker with network access to the Application Server could be able to enumerate valid usernames by sending specially crafted packets to Port 8090/TCP.

CVE-2019-18334 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

3.2.54    INFORMATION EXPOSURE CWE-200

An attacker with network access to the Application Server could be able to gain access to logs and configuration files by sending specially crafted packets to Port 80/TCP.

CVE-2019-18335 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

3.3 BACKGROUND

3.4 RESEARCHER

Gleb Gritsai, Eugenie Potseluevskaya, Sergey Andreev, and Radu Motspan from Kaspersky Lab; Vyacheslav Moskvin, and Ivan B from Positive Technologies; and Can Demirel from Biznet Bilisim Sistemleri ve Danışmanlık reported these vulnerabilities to Siemens.

4. MITIGATIONS

Siemens recommends users upgrade SPPA-T3000 Application Server to SPPAT3000 Service Pack R8.2 SP1 to resolve CVE-2019-18331, CVE-2019-18333, and CVE-2019-18334. Please contact a Siemens service management organization to obtain the update.

Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk for all other vulnerabilities:

As a general security measure, Siemens strongly recommends users protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends users configure the environment according to Siemens’ operational guidelines for industrial security (download: https://www.siemens.com/cert/operational-guidelines-industrial-security) and follow the recommendations in the product manuals. Additional information on industrial security by Siemens can be found at: https://www.siemens.com/industrialsecurity

For more information, please see Siemens Security Advisory SSA-451445.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on us-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

No known public exploits specifically target these vulnerabilities.

Source:

https://www.us-cert.gov/ics/advisories/icsa-19-351-02


Related posts

Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M

(I) IoT
6 years ago

Mitsubishi Electric Factory Automation Engineering Products (Update C)

(I) IoT
3 years ago

Siemens Industrial Products SNMP Vulnerabilities (Update B)

(I) IoT
4 years ago
Exit mobile version