The Cybersecurity and Infrastructure Security Agency (CISA) has released five advisories related to Industrial Control Systems (ICS). The advisories aim to provide technical information and mitigations to address current vulnerabilities, exploits, and security issues associated with ICS.
The advisories include ICSA-23-068-01 Akuvox E11 Publication, ICSA-23-068-02 B&R Systems Diagnostics Manager, ICSA-23-068-03 ABB Ability Symphony Plus, ICSA-23-068-04 STEP Tools Third-Party, and ICSA-23-068-05 Hitachi Energy Relion 670, 650 and SAM600-IO Series.
The ICSA-23-068-01 advisory pertains to the Akuvox E11, a video intercom used in multi-unit dwellings, office buildings, and other facilities. It outlines a vulnerability in the firmware that could allow a remote attacker to execute arbitrary code, and suggests upgrading to the latest version of the firmware and disabling port forwarding on the device.
The ICSA-23-068-02 advisory covers B&R Systems Diagnostics Manager, which is used to monitor and diagnose industrial automation and control systems. It highlights a vulnerability that could allow an attacker to gain unauthorized access to the system, and recommends updating to the latest version of the software and restricting network access to the system.
The ICSA-23-068-03 advisory pertains to ABB Ability Symphony Plus, which is used in power and water utility systems. It outlines a vulnerability in the software that could allow an attacker to execute arbitrary code, and suggests upgrading to the latest version of the software and applying vendor patches.
The ICSA-23-068-04 advisory covers STEP Tools Third-Party, which is used in the manufacturing industry for computer-aided design (CAD) and computer-aided manufacturing (CAM). It outlines a vulnerability that could allow an attacker to execute arbitrary code, and recommends upgrading to the latest version of the software and applying vendor patches.
The ICSA-23-068-05 advisory pertains to the Hitachi Energy Relion 670, 650 and SAM600-IO Series, which are used in electrical substations. It outlines a vulnerability that could allow an attacker to cause a denial-of-service condition on the device, and suggests upgrading to the latest version of the firmware and applying vendor patches.