CISA Releases Three Critical Industrial Control Systems Advisories: Safeguarding Critical Infrastructure Against Emerging Threats


In a decisive move to enhance the cybersecurity posture of critical infrastructure systems, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued three new Industrial Control Systems (ICS) advisories. These advisories highlight vulnerabilities in widely used equipment across critical sectors such as communications, energy, and critical manufacturing. With the increasing complexity and interconnectedness of industrial control systems, any vulnerabilities within them pose significant risks to public safety, economic stability, and national security.

The vulnerabilities outlined by CISA affect three key systems: the TEM Opera Plus FM Family Transmitter, Subnet Solutions’ PowerSYSTEM Center, and Delta Electronics’ DIAEnergie system. These advisories underscore the critical importance of addressing security flaws in industrial systems and offer mitigation strategies to minimize the risk of exploitation. As the number of cyber threats targeting ICS continues to rise, addressing these vulnerabilities is crucial for ensuring the resilience of critical infrastructure worldwide.

1. TEM Opera Plus FM Family Transmitter Vulnerabilities

The TEM Opera Plus FM Family Transmitter is a widely deployed system in the communications sector, particularly in broadcasting applications. CISA’s advisory reveals two significant vulnerabilities within this transmitter:

  • Missing Authentication for Critical Function (CVE-2024-41988): This flaw allows unauthenticated access to critical functions within the system, enabling attackers to overwrite firmware and execute arbitrary code.
  • Cross-Site Request Forgery (CSRF) (CVE-2024-41987): Exploiting this vulnerability can allow malicious actors to perform administrative actions without authorization, potentially leading to the compromise of system integrity.

These vulnerabilities carry CVSS v4 base scores of 9.3 and 8.6, respectively, so the risks posed by successful exploitation are considerable, including the possibility of remote code execution and unauthorized administrative control over the system. The fact that public proof-of-concept exploits for these vulnerabilities already exist further amplifies the urgency for operators to implement mitigations.
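The two weakness classes above, missing authentication on a critical function and CSRF, are both closed by a server-side gate in front of every state-changing request. The following is an added example, not code from the advisory or the vendor; the request layout, the `X-CSRF-Token` header name, the roles and `TRUSTED_ORIGIN` are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)            # per-deployment secret (constructed)
TRUSTED_ORIGIN = "https://transmitter.example"  # hypothetical management origin
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def issue_csrf_token(session_id: str) -> str:
    """Bind the anti-CSRF token to one session with an HMAC."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def authorize(request: dict, sessions: dict) -> tuple:
    """Gate for a critical function such as a firmware upload.

    request: {"method", "headers", "cookies"} (assumed layout)
    sessions: session id -> role, as kept by the server
    Returns (allowed, reason).
    """
    session_id = request.get("cookies", {}).get("session", "")
    role = sessions.get(session_id)
    if role is None:
        # Missing authentication (CWE-306) means this branch does not exist.
        return False, "unauthenticated"
    if role != "admin":
        return False, "insufficient privilege"
    if request["method"] in STATE_CHANGING:
        headers = request.get("headers", {})
        # A forged cross-site form post carries the victim's cookie, but it
        # cannot set a matching Origin or read the per-session token.
        if headers.get("Origin") != TRUSTED_ORIGIN:
            return False, "cross-origin request"
        sent = headers.get("X-CSRF-Token", "").encode()
        expected = issue_csrf_token(session_id).encode()
        if not hmac.compare_digest(sent, expected):
            return False, "bad CSRF token"
    return True, "ok"
```

The session cookie alone never authorizes a change: the browser attaches it automatically, which is exactly what CSRF relies on.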

2. Subnet Solutions’ PowerSYSTEM Center Vulnerabilities

The second advisory pertains to Subnet Solutions’ PowerSYSTEM Center, a crucial tool used in the energy and critical manufacturing sectors. Three vulnerabilities have been identified in this system:

  • Server-Side Request Forgery (SSRF) (CVE-2020-28168): This vulnerability allows attackers to bypass proxy servers and access internal resources by manipulating requests.
  • Inefficient Regular Expression Complexity (CVE-2021-3749): Attackers can exploit this flaw to cause denial-of-service (DoS) conditions by supplying input that forces resource-intensive regular expression evaluation.
  • Cross-Site Request Forgery (CSRF) (CVE-2023-45857): This vulnerability allows unauthorized actions to be performed on behalf of authenticated users, potentially exposing sensitive data.

The CVSS scores for these vulnerabilities range from 5.9 to 7.5, indicating medium to high severity. Given the critical nature of the industries relying on the PowerSYSTEM Center, it is imperative for organizations to address these vulnerabilities promptly to avoid operational disruptions.

3. Delta Electronics’ DIAEnergie Vulnerabilities

Delta Electronics’ DIAEnergie system, which is widely used in energy management and monitoring applications, was found to contain two severe SQL injection vulnerabilities (CVE-2024-43699 and CVE-2024-42417). These vulnerabilities, rated with CVSS v4 scores of 9.3 and 8.7, allow attackers to manipulate the system’s SQL queries, potentially retrieving sensitive data or causing service interruptions.

SQL injection vulnerabilities are particularly dangerous as they enable attackers to directly interact with the system’s database, potentially leading to data theft, manipulation, or even denial-of-service attacks. Given the critical role that energy management systems play in optimizing industrial operations, securing these systems is vital for ensuring the continued smooth operation of essential services.
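The difference between a query built by string concatenation and a parameterized one, shown on a constructed energy-readings table. This is an added example, not DIAEnergie code; the table, column and function names are hypothetical, and it also covers the sort-column case, where a value cannot be bound and an allow-list is needed instead.

```python
import sqlite3

# Constructed input of the kind a WAF or code review should flag.
CRAFTED_SITE = "plant-a' OR '1'='1"
ALLOWED_SORT = {"meter": "meter", "kwh": "kwh"}


def make_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE readings (site TEXT, meter TEXT, kwh REAL)")
    db.executemany(
        "INSERT INTO readings VALUES (?, ?, ?)",
        [("plant-a", "m1", 120.5), ("plant-a", "m2", 98.0),
         ("plant-b", "m9", 301.2)],
    )
    return db


def readings_vulnerable(db, site):
    # Anti-pattern: caller-controlled text becomes part of the SQL statement,
    # so quotes in `site` change the structure of the WHERE clause.
    query = "SELECT meter, kwh FROM readings WHERE site = '" + site + "'"
    return db.execute(query).fetchall()


def readings_parameterized(db, site):
    # The driver passes `site` as a bound value; it is never parsed as SQL.
    return db.execute(
        "SELECT meter, kwh FROM readings WHERE site = ?", (site,)
    ).fetchall()


def readings_sorted(db, site, sort_by):
    # Identifiers cannot be bound as parameters, so map them via an allow-list.
    column = ALLOWED_SORT.get(sort_by)
    if column is None:
        raise ValueError("unsupported sort column")
    return db.execute(
        f"SELECT meter, kwh FROM readings WHERE site = ? ORDER BY {column}",
        (site,),
    ).fetchall()
```

With the crafted value, the concatenated query returns rows for every site, while the parameterized query looks for a site literally named that string and returns nothing.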

10 Ways to Protect Against ICS Vulnerabilities

To mitigate the risks posed by these vulnerabilities and prevent future incidents, CISA and cybersecurity experts recommend the following 10 strategies:

  1. Segment ICS Networks from Business Networks: Use firewalls and network segmentation to isolate industrial control systems from business and public networks, reducing the attack surface.
  2. Implement Strong Authentication Mechanisms: Ensure all critical system functions require authentication, including multi-factor authentication (MFA), to prevent unauthorized access.
  3. Regularly Update and Patch Systems: Apply patches and updates to ICS software as soon as they are released. Unpatched systems are a prime target for attackers.
  4. Deploy Network Monitoring Solutions: Utilize intrusion detection systems (IDS) and other monitoring tools to detect unusual activity within ICS networks and respond promptly to potential threats.
  5. Minimize Remote Access: Limit remote access to control systems and use secure methods such as Virtual Private Networks (VPNs) to protect connections. Ensure that VPNs are regularly updated to address potential vulnerabilities.
  6. Conduct Regular Security Audits: Perform routine audits of ICS infrastructure to identify and address security gaps, vulnerabilities, and misconfigurations.
  7. Train Employees in Cybersecurity Best Practices: Educate employees and operators on cybersecurity awareness, phishing prevention, and the proper handling of system access credentials.
  8. Limit Privileged Access: Apply the principle of least privilege (PoLP) by granting access to only those functions necessary for a user’s role, reducing the potential for unauthorized actions.
  9. Use Web Application Firewalls (WAF): Implement WAF solutions to protect web interfaces of control systems from cross-site scripting (XSS), CSRF, and SQL injection attacks.
  10. Develop a Comprehensive Incident Response Plan: Ensure your organization has a well-documented and regularly tested incident response plan for ICS-related cybersecurity incidents, allowing for quick and effective remediation in the event of an attack.

Conclusion

As cyber threats targeting industrial control systems grow more sophisticated, it is essential for organizations in critical infrastructure sectors to remain vigilant. CISA’s release of these three advisories highlights the urgency of addressing vulnerabilities in widely deployed ICS systems to protect against potential exploitation. Whether it is through missing authentication, CSRF vulnerabilities, or SQL injections, attackers are constantly seeking opportunities to exploit weaknesses in ICS networks.

By adopting proactive security measures such as network segmentation, regular patching, and strong authentication, organizations can significantly reduce their exposure to cyberattacks. The consequences of failing to secure these systems could result in operational downtime, data breaches, and even physical harm to critical infrastructure. As these vulnerabilities demonstrate, the stakes are high, and the need for comprehensive cybersecurity defenses in industrial control systems has never been greater.


Ouaissou DEMBELE