CISA has issued a critical advisory alerting industrial manufacturers about vulnerabilities in Rockwell Automation and several Mitsubishi Electric systems, urging them to implement mitigations immediately. These vulnerabilities affect multiple industrial control systems (ICS), including Rockwell’s FactoryTalk ThinManager and Mitsubishi’s FA Engineering and MELSEC iQ Series products. The vulnerabilities pose a high risk of unauthorised remote access, enabling attackers to manipulate databases, execute malicious code, or cause denial-of-service (DoS) attacks, thereby threatening production stability and security.

The advisory highlights four major vulnerabilities with high CVSS scores (between 8.7 and 9.8), meaning they are highly exploitable and pose a significant risk to operational technology (OT) environments. Rockwell Automation’s FactoryTalk ThinManager has vulnerabilities that could allow crafted message injection leading to database manipulation or DoS. Mitsubishi's FA Engineering products and MELSEC iQ series suffer from vulnerabilities enabling unauthorised code execution and authentication bypass, potentially granting attackers full access to critical systems.

Key points to know:

• Vulnerability in Rockwell Automation FactoryTalk ThinManager, allowing crafted message injection and out-of-bounds reads, with CVSS scores of 9.3 and 8.7.
• Vulnerability in Mitsubishi FA Engineering Software (CVE-2023-6943), allowing remote code execution with a CVSS score of 9.8.
• Authentication bypass in Mitsubishi MELSEC iQ-R/iQ-F Series (CVE-2023-2060), enabling unauthenticated FTP access via weak password settings with a CVSS score of 8.7.
• Mitsubishi vulnerabilities enabling attackers to tamper with, destroy, or delete data and cause DoS.
• CISA recommendations advise securing ICS by limiting network exposure and employing secure access methods like VPNs, though VPNs should be regularly updated.

Following the advisory, Rockwell Automation and Mitsubishi have provided specific mitigations for their systems, while CISA has emphasised defensive measures. These include isolating ICS networks from business networks, minimising internet exposure, and using VPNs for remote access when required. By taking these steps, manufacturers can protect against unauthorised access and reduce the likelihood of exploitation in critical OT environments.

Recommended Security Measures:

• Minimise internet exposure for all ICS devices and restrict access to trusted users only.
• Place ICS networks and remote devices behind firewalls, isolating them from business or IT networks.
• Use VPNs for remote access to ICS networks and ensure they are updated to the latest secure version.
• Follow vendor-specific mitigation recommendations as outlined by Rockwell Automation and Mitsubishi.
• Regularly update all security software and conduct vulnerability assessments on critical ICS devices.

Conclusion: CISA’s advisory on Rockwell Automation and Mitsubishi ICS vulnerabilities serves as a crucial reminder for industrial operators to prioritise cybersecurity within OT environments. The high severity of these vulnerabilities makes it essential for organisations to act quickly, applying vendor recommendations and additional network security measures. By isolating and securing critical infrastructure, manufacturers can mitigate risks and protect against potentially damaging cyberattacks.

Source and further reading.

Poireault, K. . (2024, November 1). CISA warns of critical software vulnerabilities in industrial devices. Infosecurity Magazine. https://www.infosecurity-magazine.com/news/cisa-critical-vulnerabilities-ics

Coker, J. (2024, October 31). Five ICS security challenges and how to overcome them. Infosecurity Magazine. https://www.infosecurity-magazine.com/news-features/ics-security-challenges-overcome/