CISA ICS Advisories Spotlight CyberData, Hitachi, Mitsubishi

The U.S. Cybersecurity and Infrastructure Safety Company (CISA) has launched seven new ICS advisories, every highlighting cybersecurity vulnerabilities in key Industrial Management Programs throughout power, communications, emergency response, and manufacturing sectors.  

The alerts make clear remotely exploitable flaws found in gadgets and software program produced by CyberData, Hitachi Power, and Mitsubishi Electrical—names synonymous with trendy operational know-how (OT).  

A Breakdown of the Newest ICS Advisories 

The primary advisory, ICSA-25-155-01, addresses a number of high-impact points in CyberData’s 011209 SIP Emergency Intercom. With a CVSS v4 severity rating of 9.3, this vulnerability, reported by Claroty researcher Vera Mens, permits authentication bypass, SQL injection, and path traversal. Affected programs utilizing firmware variations previous to 22.0.1 are weak to distant code execution and denial-of-service assaults. CISA recommends upgrading to model 22.0.1 and advises isolating the intercoms from public networks utilizing firewalls and VPNs. 

The second alert, ICSA-25-155-02, entails a vital integer overflow in Hitachi Power’s Relion 670, 650 collection, and SAM600-IO gadgets. The flaw resides within the VxWorks OS reminiscence allocator and holds a CVSS v3 rating of 9.8. Exploitation may result in reminiscence corruption, probably crippling protecting relays in energy programs. A number of firmware subversions throughout collection 1.1 to 2.2.5 are affected. Mitigation entails upgrading to model 2.2.5.2 or making use of interim workarounds offered by Hitachi. 

ICSA-21-049-02 (Update H) highlights vulnerabilities in Mitsubishi Electrical’s broad vary of FA Engineering Software program, resembling GX Developer, GT Designer3, and RT ToolBox2. With a CVSS v4 rating of 8.7, attackers can exploit heap-based buffer overflows to crash the software program or intrude with PLC diagnostics in manufacturing unit automation environments. Customers are suggested to put in the newest updates—e.g., GX Developer model 8.507D+ and RT ToolBox2 model 3.74C+. 

Continued Deal with Hitachi Power’s Industrial Management Programs 

CISA’s June launch contains updates to prior ICS advisories regarding Hitachi Power’s Relion merchandise and IEC 61850 MMS Server implementations. Notable amongst them: 

• ICSA-25-133-02 particulars CVE-2023-4518, the place malformed GOOSE messages may trigger weak Relion firmware variations to reboot, making a denial-of-service situation. Firmware collection 2.2.0.x to 2.2.5.6 are affected, and the company recommends upgrading to safe variations resembling 2.2.2.6 or 2.2.3.7. 
• ICSA-23-068-05 (CVE-2022-3864) uncovers weaknesses in firmware signature validation. If exploited by an authenticated attacker, this vulnerability may result in unauthorized firmware uploads. Affected firmware spans throughout variations 2.2.0 to 2.2.5.5. 
• ICSA-21-336-05 is about outdated VxWorks boot elements within the Relion collection. CVE-2021-35535, with a CVSS v4 rating of 8.9, references recognized “Pressing/11” vulnerabilities that might permit TCP session hijacking or packet injection. Customers should patch to no less than model 2.2.2.5 or apply bodily and community isolation methods. 
• ICSA-23-089-01 factors to a medium-severity concern (CVE-2022-3353) in Hitachi’s IEC 61850 MMS Server, the place malformed consumer requests can block new connections. Although scoring a 5.9, it may nonetheless disrupt operations beneath focused situations. 

Conclusion  

CISA’s newest ICS advisories spotlight the pressing want for vital infrastructure operators to safe weak programs towards distant exploitation. With many legacy ICS elements missing fundamental protections, the risks are rising, however so are the instruments. CISA’s steering gives a transparent roadmap: patch programs, phase networks, prohibit entry, monitor threats, and practice employees.  

Associated