ICS/OTICS Patch Tuesday: Siemens and Schneider Electric Releases Patch for 50 vulnerabilities

July 12, 2023

Siemens and Schneider Electric published nine new security warnings that together addressed 50 vulnerabilities impacting its industrial devices.

Recently, Schneider Electric and Siemens Energy indicated that they were the targets of the Cl0p ransomware group’s attack that took use of a MOVEit zero-day vulnerability.

Siemens Patches

To alert consumers to the existence of fixes for more than 40 vulnerabilities, Siemens has published five new advisories.

Siemens fixed a ‘high-severity’ defect that might allow an attacker to get around network isolation as well as a ‘critical’ flaw that could be used to acquire admin access and take full control of a device in its Simatic CN 4100 communication system.

The company patched 21 vulnerabilities in Ruggedcom ROX products, including ones that could be used to steal data, run arbitrary commands or code, create a DoS scenario, or carry out arbitrary activities via CSRF attacks.

The bulk of these security flaws has ‘critical’ or ‘high’ severity rankings and some of them affect third-party components.

In Simatic MV500 optical readers, including in its web server and third-party components, over a dozen vulnerabilities, including ‘critical’ and ‘high-severity; issues, have been fixed. Information disclosure or DoS might result from exploitation.

Patches for six ‘high-severity’ problems with the Tecnomatix Plant Simulation software have also been patched.

By convincing the intended user to open specially crafted files, they provide an attacker the ability to crash the application or maybe execute arbitrary code.

Additionally, Siemens fixed a serious DoS problem affecting the SiPass access control system.

Schneider Electric Patches

There are four new advisories from Schneider Electric. They address six weaknesses in the company’s products as well as over a dozen problems impacting a third-party component, the Codesys runtime system V3 communication server.

Reports say the PacDrive and Modicon controllers, Harmony HMIs, and the SoftSPS simulation runtime integrated with EcoStruxure Machine Expert are all affected by the Codesys weaknesses. Exploiting the security flaws may result in remote code execution and DoS.

Schneider fixed two high-severity and two medium-severity flaws that might have allowed for unauthorized access or remote code execution in the StruxureWare Data Centre Expert (DCE) monitoring software.

Further, a ‘medium-severity’ information disclosure weakness has been patched in the EcoStruxure OPC UA Server Expert product, while a high-severity vulnerability has been addressed in the Accutech Manager sensor application.

The post ICS/OTICS Patch Tuesday: Siemens and Schneider Electric Releases Patch for 50 vulnerabilities appeared first on Cyber Security News.

Cyber Security News

Commando Cat Attacking Docker Endpoints to Install Crypto Miners

[[{“value”:”

A recent malware campaign dubbed “Commando Cat” has set its sights on exposed Docker API endpoints, posing a significant threat to cloud environments.

This detailed analysis published by CADO delves into its inner workings, uncovering its techniques, motivations, and potential impact.

Document

Run Free ThreatScan on Your Mailbox

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .

Initial Infiltration:

The attackers exploit exposed Docker API instances, delivering malicious payloads disguised as legitimate tools.

These payloads leverage the chroot command to escape container confines and gain access to the host system.

The malware creates backdoors by adding SSH keys and hidden user accounts, granting attackers persistent access.

A custom script hides processes, making detection even more challenging.

Exfiltrating Valuable Data:

The campaign employs various scripts to steal credentials from cloud service providers, environment variables, and even Docker containers.

This stolen data grants attackers deeper access to networks and potentially sensitive information.

Commando Cat deploys a custom XMRig miner disguised as Docker components, siphoning off computing power for crypto mining.

The malware even eliminates competing miners, ensuring it gets the biggest slice of the resource pie.

Securing Its Turf:

The campaign blackholes the Docker registry to prevent other attackers from interfering, effectively isolating the infected system.

This “scorched earth” tactic highlights the ruthlessness of this campaign.

Key Takeaways:

Commando Cat employs sophisticated evasion techniques, making it difficult to detect and remove.

Its focus on stealing credentials and cryptojacking reveals its profit-driven motives.

The campaign’s association with previously observed malware suggests the existence of copycat groups exploiting established tactics.

Users and organizations must patch vulnerabilities, secure Docker API endpoints, and implement robust endpoint detection and response (EDR) solutions.

Follow us on LinkedIn for the latest cybersecurity news, whitepapers, infographics, and more. Stay informed and up-to-date with the latest trends in cybersecurity.

The post Commando Cat Attacking Docker Endpoints to Install Crypto Miners appeared first on Cyber Security News.

“}]] Read More

Cyber Security News

Cisco Webex Meetings Meeting Flaw Let Attackers Gain Unauthorized Access

Cisco has disclosed a significant security vulnerability in its Webex Meetings platform that allowed unauthorized access to meeting information and metadata.

The issue, identified in early May 2024, affected certain customers hosted in Cisco’s Frankfurt data center.

The vulnerability was discovered during targeted security research activities. It enabled unauthorized access to sensitive meeting details, potentially risking the confidentiality and integrity of the affected meetings.

Cisco has since addressed the bugs and implemented a fix worldwide as of May 28, 2024.

The security flaw was found in the Cisco Webex Meetings platform, which is widely used for virtual meetings and collaboration.

The vulnerability allowed unauthorized parties to access meeting information and metadata, including details such as meeting times, participants, and potentially sensitive discussions.

With ANYRUN You can Analyze any URL, Files & Email for Malicious Activity : Start your Analysis

Cisco has taken swift action to mitigate the issue. The company has notified affected customers and confirmed that no further unauthorized attempts to access meeting data have been observed since the fix was implemented.

Cisco continues to monitor for any unauthorized activity and conducts an ongoing investigation to ensure the security of its platform.

Recommendations for Users

Cisco advises Webex Meetings customers to stay vigilant and monitor regular support channels for further communication. The company has also provided a detailed list of security recommendations for Webex Meeting hosts and administrators to enhance security measures.

Cisco is committed to working with the security community to enhance industry-wide security standards.

The company encourages users to engage with its support channels for any further questions or concerns regarding the security of their Webex Meetings.

The Cisco Security Vulnerability Policy provides more detailed information on the security recommendations and Cisco’s vulnerability disclosure policies.

Cisco Webex Meetings customers are encouraged to follow the official communication channels provided by Cisco for further updates and detailed security recommendations.

Looking for Full Data Breach Protection? Try Cynet’s All-in-One Cybersecurity Platform for MSPs: Try Free Demo

The post Cisco Webex Meetings Meeting Flaw Let Attackers Gain Unauthorized Access appeared first on Cyber Security News.