The Cybersecurity and Infrastructure Security Agency (CISA) recently released 16 Industrial Control Systems (ICS) advisories with information about current security issues, vulnerabilities, and exploits. The most recent batch included:
- ICSA-24-051-03 Mitsubishi Electric Electrical Discharge Machines (Update A)
- ICSA-24-067-01 Chirp Systems Chirp Access (Update A)
- ICSA-24-116-01 Multiple Vulnerabilities in Hitachi Energy RTU500 Series
- ICSA-24-116-02 Hitachi Energy MACH SCM
- ICSA-24-116-03 Siemens RUGGEDCOM APE1808 Devices Configured with Palo Alto Networks Virtual NGFW
- ICSA-24-116-04 Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC
- ICSA-23-143-03 Mitsubishi Electric MELSEC Series CPU Module (Update D)
- ICSA-23-157-02 Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series (Update A)
- ICSA-24-102-09 Rockwell Automation 5015-AENFTXT (Update A)
- ICSA-24-067-01 Chirp Systems Chirp Access (Update B)
- ICSA-24-121-01 Delta Electronics CNCSoft-G2 DOPSoft DPAX
- ICSA-24-016-01 SEW-EURODRIVE MOVITOOLS MotionStudio (Update A)
- ICSA-24-109-01 Unitronics Vision Legacy Series (Update A)
- ICSA-24-123-01 CyberPower PowerPanel
- ICSA-24-123-02 Delta Electronics DIAEnergie
- ICSA-24-067-01 Chirp Systems Chirp Access (Update C)
CISA also partnered with Cisco to announce security updates to address ArcaneDoor — an exploitation of Cisco Adaptive Security Appliances (ASA) devices and Cisco Firepower Threat Defense (FTD) software:
- Cisco Blog: ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices
- Cisco Event Response: Attacks Against Cisco Firewall Platforms
More specifically, the update addressed how threat actors could exploit vulnerabilities (CVE-2024-20353, CVE-2024-20359, CVE-2024-20358) to take control of an affected system. Cisco also reported active exploitation of CVE 2024-20353 and CVE-2024-20359 and CISA has added these vulnerabilities to its Known Exploited Vulnerabilities Catalog.
