CISA issued four ICS advisories on July 11, 2023, covering Rockwell Automation Enhanced HIM, Sensormatic Electronics iSTAR, Panasonic Control FPWin Pro7, and Mitsubishi Electric MELSEC-F Series, providing information on security issues, vulnerabilities, and mitigations for Industrial Control Systems (ICS).
ICSA-23-192-01 Rockwell Automation Enhanced HIM
Rockwell Automation’s Enhanced HIM communication interface is affected by a cross-site request forgery (CSRF) vulnerability. Exploitation of this vulnerability could result in sensitive information disclosure and full remote access to the affected products. Rockwell Automation recommends users update to Enhanced HIM Version 1.002 and follow their best security practices. CISA advises organizations to minimize network exposure, isolate control system networks, and use secure remote access methods. They also provide additional guidance and recommended practices to enhance cybersecurity in industrial control systems. No known public exploits targeting this vulnerability have been identified.
ICSA-23-192-02 Sensormatic Electronics iSTAR
Sensormatic Electronics’ iSTAR devices are vulnerable to improper authentication, allowing unauthenticated users to log in with administrator rights. The affected products include iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with specific firmware versions. Successful exploitation of this vulnerability could lead to unauthorized access to the devices. Johnson Controls, the parent company, recommends upgrading the firmware to version 6.9.2 CU01 as a mitigation measure. CISA advises minimizing network exposure, isolating control system networks, and using secure remote access methods. No known public exploits targeting this vulnerability have been reported, but the attack complexity is considered high.
ICSA-23-192-03 Panasonic Control FPWin Pro7
Panasonic’s Control FPWin Pro7 software is affected by multiple vulnerabilities, including stack-based buffer overflow, type confusion, and improper restriction of operations within a memory buffer. Successful exploitation of these vulnerabilities could lead to information disclosure or remote code execution. Panasonic has released version 7.7.0.0 of the software to address these issues. CISA recommends implementing defensive measures such as isolating control system networks and using secure remote access methods. No known public exploits for these vulnerabilities exist, and they are not exploitable remotely.
ICSA-23-180-04 Mitsubishi Electric MELSEC-F Series (Update A)
Mitsubishi Electric’s MELSEC-F Series products, specifically the Control FPWIN Pro7 software, are vulnerable to an authentication bypass by capture-replay attack. This vulnerability could allow an attacker to log in to the product by sending specially crafted packets. The affected products include various versions of the MELSEC-F Series, and Mitsubishi Electric has recommended using firewalls or virtual private networks (VPNs) to prevent unauthorized access. CISA advises implementing defensive measures, performing impact analysis and risk assessment, and following their control systems security recommended practices to mitigate the risk. No known public exploits specifically target this vulnerability, but it can be exploited remotely with low attack complexity.
