Prioritizing Vulnerability Remediation in OT Cybersecurity
Respond to growing OT vulnerabilities and put CISA’s guidance to improve ICS security into action for critical infrastructure industries.
The recent discovery of vulnerabilities in industrial control systems (ICS) manufactured by Honeywell and Rockwell Automation has sparked serious concerns in digital security. The potential disruptions or damage to operations across sectors that depend on these systems are significant.
This article provides an insightful overview of the vulnerabilities, the potential risks associated with these vulnerabilities, recommended mitigation strategies, and specific guidance for clients on leveraging Verve technology and support to address these vulnerabilities efficiently and effectively.
Honeywell detected critical vulnerabilities in its Experion PKS, LX, and PlantCruise systems. These vulnerabilities have low attack complexity and are remotely exploitable. If malicious actors gain access, they can infiltrate the operational memory of these systems, potentially engaging in unauthorized activities.
Heap-based Buffer Overflow (CWE-122): Assigned CVE-2023-23585, this vulnerability may trigger a denial-of-service condition when handling a specially crafted message. Its CVSS v3 base score of 9.8 signals its critical severity.
Stack-based Buffer Overflow (CWE-121): Linked to CVE-2023-25078, this flaw could lead to a denial-of-service or remote code execution while handling a specific configuration operation. Its CVSS v3 base score of 9.8 marks it as critically severe.
Out-of-bounds Write, Uncontrolled Resource Consumption, Improper Encoding or Escaping of Output, Deserialization of Untrusted Data, Improper Input Validation, and Incorrect Comparison: These vulnerabilities, all with CVSS v3 base scores of 9.8, may result in denial-of-service, privilege escalation, or remote code execution.
Insufficient Verification of Data Authenticity: CVE-2023-25178 could enable attackers to load malicious firmware, potentially enabling remote code execution. It carries a CVSS v3 base score of 7.5.
The repercussions of exploiting these vulnerabilities could be severe, including denial-of-service conditions, privilege escalation, and remote code execution, leading to loss of visibility and control of Operational Technology (OT) processes.
An attacker exploiting CVE-2023-25178 could load malicious firmware and execute remote code.
These vulnerabilities impact both the software and firmware aspects of multiple Honeywell products. Most control environments have several endpoints, all of which expose these vulnerabilities. If an attacker were to exploit these vulnerabilities, there is a high likelihood of lateral movement within the environment.
Honeywell has made the following recommendations:
Rockwell Automation discovered critical vulnerabilities in several of its communication modules. These vulnerabilities have low attack complexity and are remotely exploitable. Given this access, attackers have the potential to infiltrate the running memory of the affected modules, leading to unauthorized activities.
The vulnerabilities affect a vast range of Rockwell Automation products. The affected models include:
The critical vulnerabilities within these models could potentially allow malicious users to:
These vulnerabilities have been assigned CVSS v3 base scores of 9.8 and 7.5. Their exploitation could lead to severe consequences like denial-of-service conditions, privilege escalation, or remote code execution. Successful exploitation may result in the loss of visibility or control of assets.
A case in point is CVE-2023-3595, which could allow an attacker to persist within an asset, potentially installing backdoors and enabling lateral movement within the environment.
Rockwell Automation has taken decisive action to counter these vulnerabilities. The company recommends standard firmware updates for affected devices.
Specific updates for each product are as follows:
Further, Rockwell Automation advocates following defensive measures like network segmentation, secure remote access, and regular impact analysis and risk assessment.
The Verve Security Center offers a comprehensive suite of tools and services for detecting, assessing, and mitigating these potential risks. Here is how to use Verve to help address the Honeywell and Rockwell vulnerabilities:
Verve stays committed to providing support in the face of these recent vulnerabilities. Clients are encouraged to contact their assigned Customer Success representative for individualized help and guidance if more support is needed.
The recent vulnerabilities discovered in Honeywell and Rockwell Automation systems are a stark reminder of the critical importance of vigilant OT systems management. Safeguarding assets and implementing CISA-recommended measures are fundamental to maintaining a secure operational environment.
The essence of this proactive strategy lies in its ability to empower operators to act decisively and promptly to mitigate risk rather than solely relying on public information and official updates.
The foundation of this approach is rooted in best practices for vulnerability management, with the guidance from the Cybersecurity and Infrastructure Security Agency (CISA) remaining highly relevant:
These practices lay the groundwork for robust OT Systems Management, serving as the essential pillars in constructing a potent defensive strategy.
Building upon this robust foundation, Verve designed a 360-degree risk prioritization model that enhances and refines the vulnerability management process. This model is an amalgamation of several key elements:
The 360-degree risk prioritization model forms a complementary layer atop the foundational best practices. This combination leads to a comprehensive approach to vulnerability management that is both proactive and strategic, capable of responding to the ever-evolving challenges in the OT landscape.
The recent vulnerabilities in Honeywell and Rockwell Automation systems underscore the ongoing threats to critical infrastructure sectors. At Verve, we are committed to addressing these challenges and being your trusted partner in OT security.
With our advanced vulnerability identification and mitigation capabilities, we offer a comprehensive solution to fortify OT security. Leveraging technologies like 360-degree risk prioritization and real-time tracking, we provide actionable insights and effective response measures.
Whether you are an existing client or an organization grappling with vulnerabilities in Honeywell and Rockwell systems, we can help. Our dedicated team is ready to provide guidance, expertise, and strategic insights to enhance your OT security.