The Cybersecurity and Infrastructure Security Agency (CISA) released four Industrial Control Systems (ICS) advisories on March 14, 2023.
These advisories aim to provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
The ICSA-23-073-01 Omron CJ1M PLC advisory states that successful exploitation of the vulnerabilities it covers could allow an attacker to bypass user memory protections by writing to a specific memory address.
In addition, an attacker can overwrite passwords and lock engineers out of reading their memory regions.
Moreover, the ICSA-23-073-02 Autodesk FBX SDK advisory warns that successful exploitation of these vulnerabilities could lead to code execution or a denial-of-service condition.
Products using Autodesk FBX SDK software are affected by these vulnerabilities.
The ICSA-23-073-03 GE iFIX advisory states that successful exploitation of this vulnerability could lead to privilege escalation and full control of the system.
Lastly, the ICSA-23-073-04 AVEVA Plant SCADA and AVEVA Telemetry Server advisory warns that successful exploitation of this vulnerability could allow an unauthenticated user to read data, cause a denial of service, and tamper with alarm states.
The newly released advisories serve as a reminder for organizations to remain vigilant and prioritize the security of their ICS.
Failure to address these vulnerabilities could result in significant harm to critical infrastructure systems.
Therefore, organizations are encouraged to review the technical details and mitigations provided in the advisories to reduce their exposure to potential cyberattacks.