A recent ICS advisory has brought attention to a severe vulnerability affecting HMS Industrial Networks’ Anybus-CompactCom 30. The identified flaw, CVE-2024-6558, stems from inadequate input sanitization during web page generation, leading to Cross-Site Scripting (XSS) vulnerabilities. This issue allows attackers to insert and execute malicious HTML code, potentially compromising the device and connected systems.
The security risk associated with this vulnerability includes the potential for remote code execution, denial-of-service attacks, and unauthorized data access. These outcomes could have significant implications for industrial control systems, which rely on the Anybus-CompactCom 30 for communication within critical infrastructure sectors. The device’s exposure is heightened by its global deployment, affecting systems across various regions.
To address this vulnerability, HMS Industrial Networks has suggested several mitigation strategies. Users are advised to add password protection to web pages served by the device, disable or restrict web server access, and ensure that the equipment operates within a secure network environment. Alternatively, replacing the Anybus-CompactCom 30 with a newer model, such as the Anybus-CompactCom 40, is recommended to avoid the flaw altogether.
In addition, CISA has provided guidance for minimizing risks associated with the vulnerability. It is crucial to limit network exposure of control systems, utilize secure remote access methods, and implement firewalls to isolate critical infrastructure. Organizations are encouraged to follow these practices and report any suspicious activity to CISA for further analysis and correlation with other incidents.