The Cybersecurity and Infrastructure Security Agency (CISA) issued two critical Industrial Control Systems (ICS) advisories on December 5, 2024.

The advisories shed light on current security issues, [vulnerabilities](https://cybersecuritynews.com/category/vulnerability/), and exploits in ICS environments.

These advisories are:

* ICSA-24-340-01
* ICSA-24-340-02

Experts at CISA [noted](https://www.cisa.gov/news-events/alerts/2024/12/05/cisa-releases-two-industrial-control-systems-advisories) that the advisories mainly focus on ‘AutomationDirect C-More EA9 Programming Software’ and ‘Planet Technology Planet WGS-804HPT,’ respectively.

AutomationDirect C-More EA9 Programming Software
------------------------------------------------

Versions 6.78 and prior of the C-More EA9 Programming Software are affected by multiple stack-based buffer overflow vulnerabilities. These vulnerabilities, identified as CVE-2024-11609, CVE-2024-11610, and CVE-2024-11611, all carry a CVSS v4 base score of 8.4, indicating a high severity level.

Successful exploitation of these vulnerabilities could lead to:

* Memory corruption
* [Remote code execution](https://cybersecuritynews.com/apple-safari-remote-code-execution-vulnerability/)
* Potential system compromise

The vulnerabilities stem from improper handling of input files, allowing attackers to execute arbitrary code remotely.

AutomationDirect recommends updating C-MORE EA9 HMI to version 6.79.
If immediate updates are not feasible, several interim measures are suggested:

* Isolating engineering workstations
* Implementing strict access controls
* Applying application whitelisting
* Enhancing [endpoint security](https://cybersecuritynews.com/endpoint-management-tools/)
* Monitoring and logging system activities
* Hardening workstations
* Conducting regular [risk assessments](https://cybersecuritynews.com/cybersecurity-risk-management-tools/)

Planet Technology Planet WGS-804HPT
-----------------------------------

The Planet WGS-804HPT industrial switch, version v1.305b210531, is affected by three critical vulnerabilities:

1. Stack-based Buffer Overflow (CVE-2024-48871)
2. OS Command Injection (CVE-2024-52320)
3. Integer Underflow (CVE-2024-52558)

The first two vulnerabilities have a CVSS v4 base score of 9.3, while the integer underflow vulnerability has a score of 6.9.

These vulnerabilities could allow unauthenticated attackers to:

* Execute remote code
* Inject malicious commands
* Crash the system

The vulnerabilities are exploitable through malformed HTTP requests, posing a significant risk to affected systems.

Planet Technology recommends upgrading to version 1.305b241111 or later.

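
To act on the two patch recommendations above, the following added example (not code from CISA or either vendor) triages an asset inventory against the version thresholds quoted in this article. The inventory rows, host names and status labels are constructed, and treating every WGS-804HPT build older than 1.305b241111 as needing the upgrade is an assumption, since the article names only v1.305b210531 as affected.

```python
import re

# Thresholds and CVE IDs come from the article; everything else is constructed.
CMORE = "C-More EA9 Programming Software"
PLANET = "Planet WGS-804HPT"
CVES = {
    CMORE: ["CVE-2024-11609", "CVE-2024-11610", "CVE-2024-11611"],
    PLANET: ["CVE-2024-48871", "CVE-2024-52320", "CVE-2024-52558"],
}

def parse_cmore(version):
    """'6.78' -> (6, 78); None if the string is not major.minor."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)", version.strip())
    return tuple(map(int, m.groups())) if m else None

def parse_planet(version):
    """'v1.305b210531' -> (1, 305, 210531): major, minor, build date."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)b(\d{6})", version.strip())
    return tuple(map(int, m.groups())) if m else None

# product -> (parser, first fixed version)
RULES = {
    CMORE: (parse_cmore, (6, 79)),             # 6.78 and prior are affected
    PLANET: (parse_planet, (1, 305, 241111)),  # assumption: older builds need it
}

def triage(product, version):
    """Return (status, cves); status is patch, ok, review or not-listed."""
    if product not in RULES:
        return "not-listed", []
    parser, fixed = RULES[product]
    parsed = parser(version)
    if parsed is None:
        # Unparseable version string: keep the CVEs attached, check by hand.
        return "review", CVES[product]
    return ("patch", CVES[product]) if parsed < fixed else ("ok", [])

INVENTORY = [  # constructed sample rows: host, product, reported version
    ("eng-ws-01", CMORE, "6.78"),
    ("eng-ws-02", CMORE, "6.79"),
    ("sw-line-3", PLANET, "v1.305b210531"),
    ("sw-line-4", PLANET, "1.305b241111"),
    ("sw-line-5", PLANET, "unknown"),
]

def report(inventory=INVENTORY):
    """One (host, status, cves) row per inventory entry."""
    return [(host, *triage(product, version)) for host, product, version in inventory]

if __name__ == "__main__":
    for row in report():
        print(row)
```
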
CISA also advises users to:

* Minimize network exposure for control system devices
* Implement [firewalls](https://cybersecuritynews.com/best-linux-firewalls/) and isolate control systems from business networks
* Use secure remote access methods like VPNs
* Perform impact analysis and risk assessment before deploying defensive measures

These ICS advisories underscore the critical importance of promptly addressing vulnerabilities in industrial control systems to maintain the security and integrity of critical infrastructure sectors worldwide.

The post [CISA Releases Multiple ICS Advisories Detailing Exploits & Vulnerabilities](https://cybersecuritynews.com/cisa-releases-multiple-ics-advisories/) appeared first on [Cyber Security News](https://cybersecuritynews.com).