On May 16, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) released three advisories applicable to Industrial Control Systems (ICS). The Alerts cover vulnerabilities of Snap One OvrC Cloud, Rockwell ArmorStart, and Rockwell Automation Factory Talk Vantagepoint.
The Snap One vulnerabilities, if exploited, “could allow an attacker to impersonate and claim devices, execute arbitrary code, and disclose information about the affected device.” CISA recommends that organizations minimize the vulnerability by following Snap One’s release notes on patching the vulnerabilities.
The Rockwell ArmorStart vulnerabilities, if exploited, “could allow a malicious user to view and modify sensitive data or make the web page unavailable.” CISA recommends that users follow the measures outlined by Rockwell and to:
- Locate control system networks and remote devices behind firewalls and isolate them from business networks.
- When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.
According to CISA, the Rockwell Automation FactoryTalk Vantagepoint vulnerabilities, if exploited, “could allow an attacker to impersonate an existing user or execute a cross site request forgery attack.” According to the CISA Alert, Rockwell “recommends users update to V8.40 or later…and are encouraged to implement Rockwell Automation’s suggested Security Best Practices to minimize risk associated with the vulnerability and provide training about social engineering attacks, such as phishing.” In addition, CISA recommends that users be alerted to protect themselves from social engineering attacks.