CISA Alerts on Critical Security Vulnerabilities in Industrial Control Systems

March 22, 2023 | Rabbi Lakshmanan | ICS/SCADA security


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released eight Industrial Control Systems (ICS) advisories on Tuesday, warning of critical flaws affecting equipment from Delta Electronics and Rockwell Automation.

This includes 13 security vulnerabilities in InfraSuite Device Master, Delta Electronics’ real-time device monitoring software. All versions prior to 1.0.5 are affected by these issues.

“Successfully exploiting these vulnerabilities could allow an unauthenticated attacker to gain access to files and credentials, elevate privileges, and remotely execute arbitrary code,” CISA said.

Topping the list is CVE-2023-1133 (CVSS score: 9.8). This is a serious flaw stemming from the fact that the InfraSuite Device Master accepts unvalidated UDP packets and deserializes the content, allowing an unauthenticated, remote attacker to execute arbitrary code.

CISA notes that two deserialization flaws, CVE-2023-1139 (CVSS score: 8.8) and CVE-2023-1145 (CVSS score: 7.8), can also be weaponized for remote code execution.

Piotr Bazydlo and an anonymous security researcher are credited for finding the flaw and reporting it to CISA.

Another set of vulnerabilities is related to Rockwell Automation’s ThinManager ThinServer and affects the following versions of the thin client and Remote Desktop Protocol (RDP) server management software:

  • 6.x – 10.x
  • 11.0.0 – 11.0.5
  • 11.1.0 – 11.1.5
  • 11.2.0 – 11.2.6
  • 12.0.0 – 12.0.4
  • 12.1.0 – 12.1.5
  • 13.0.0 – 13.0.1

The most serious issues are two path traversal flaws tracked as CVE-2023-28755 (CVSS score: 9.8) and CVE-2023-28756 (CVSS score: 7.5) that could allow an unauthenticated remote attacker to upload arbitrary files to the directory where ThinServer.exe is installed.

To make matters worse, an attacker could weaponize CVE-2023-28755 and overwrite an existing executable with a trojanized version to execute code remotely.

“Successfully exploiting these vulnerabilities may allow an attacker to execute remote code or cause software to crash on the targeted system/device,” CISA said.

We recommend updating to versions 11.0.6, 11.1.6, 11.2.7, 12.0.5, 12.1.6, and 13.0.2 to mitigate potential threats. ThinManager ThinServer versions 6.x through 10.x have been deprecated and should be upgraded to a supported version.

As a workaround, we also recommend restricting remote access on port 2031/TCP to known thin clients and ThinManager servers.
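To apply the affected ranges and fixed releases listed above to an asset inventory, the following Python sketch triages ThinServer version strings. It is an added example, not code from CISA or Rockwell Automation; the hostnames and the "hostname,version" inventory format are constructed assumptions.

```python
import re

# (first affected, last affected, fixed release), as listed in the article.
AFFECTED = [
    ((11, 0, 0), (11, 0, 5), "11.0.6"),
    ((11, 1, 0), (11, 1, 5), "11.1.6"),
    ((11, 2, 0), (11, 2, 6), "11.2.7"),
    ((12, 0, 0), (12, 0, 4), "12.0.5"),
    ((12, 1, 0), (12, 1, 5), "12.1.6"),
    ((13, 0, 0), (13, 0, 1), "13.0.2"),
]

# Constructed inventory export, "hostname,version" per line (hypothetical format).
SAMPLE_INVENTORY = """\
hmi-srv-01,11.2.6
hmi-srv-02,12.1.6
legacy-tm,9.0.3
eng-ws-07,13.0.1.1234
broken-row,unknown
"""

def parse_version(text):
    """Parse 'major.minor[.patch]' into a tuple; build suffixes are ignored."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def triage(version_text):
    """Return (status, advice) for one ThinServer version string."""
    v = parse_version(version_text)
    if v is None:
        return "unknown", "check version manually"
    if 6 <= v[0] <= 10:  # 6.x through 10.x are deprecated per the article
        return "deprecated", "upgrade to a supported version"
    for low, high, fixed in AFFECTED:
        if low <= v <= high:
            return "affected", f"update to {fixed}"
    return "not-listed", "outside the ranges named in the article"

def triage_inventory(text):
    """Triage each 'host,version' line of an inventory export."""
    rows = (line.partition(",") for line in text.splitlines() if line.strip())
    return {host.strip(): triage(version) for host, _, version in rows}

if __name__ == "__main__":
    for host, (status, advice) in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status:11} {advice}")
```

Rows reported as "unknown" should be resolved by hand rather than treated as unaffected.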

This disclosure comes more than six months after CISA warned of a high-severity buffer overflow vulnerability in Rockwell Automation’s ThinManager ThinServer (CVE-2022-38742, CVSS score: 8.1), which can lead to remote code execution.
