
March 10, 2025

Five flaws found in Iconics and Mitsubishi Electric SCADA systems


Five high-severity vulnerabilities have been discovered in two supervisory control and data acquisition (SCADA) products used by organizations to help monitor, control and visualize industrial processes in real time.

The following vulnerabilities were discovered:

  • CVE-2024-1182 – DLL hijacking
  • CVE-2024-7587 – Incorrect default permission
  • CVE-2024-8299 and CVE-2024-9852 – Uncontrolled search path element
  • CVE-2024-8300 – Dead code

The vulnerabilities could be exploited by threat actors with local access to execute code, elevate privileges, and modify critical system files. The affected products include both Iconics’ Genesis64 and Mitsubishi Electric’s MCWorks64 SCADA solutions.

Due to the importance of keeping SCADA systems secure, details regarding the vulnerabilities were only recently released, giving the manufacturers plenty of time to release security patches before the details were publicly disclosed.

Source: SecurityWeek

Analysis

Compromising SCADA and industrial control systems (ICS) can have devastating consequences, as these systems control critical infrastructure such as power grids, water treatment plants, transportation networks, and manufacturing facilities.

Unlike traditional IT breaches that often result in data theft or financial losses, attacks on SCADA/ICS can cause physical damage, service disruptions, and even threaten human safety. Because these systems were traditionally designed for reliability over security, and never intended to be accessed remotely to the extent they are today, many remain vulnerable to cyber threats. 

One of the most notorious real-world examples is the Stuxnet attack (2010), where a sophisticated cyberweapon, allegedly developed by the U.S. and Israel, targeted Iran’s nuclear centrifuges at the Natanz facility. Stuxnet exploited zero-day vulnerabilities to infect Siemens’ SCADA systems, causing centrifuges to spin at abnormal speeds, ultimately sabotaging Iran’s nuclear program. This attack demonstrated that cyberwarfare could directly impact physical infrastructure, setting a precedent for nation-state cyberattacks on industrial systems.

Other significant incidents were the 2015 and 2016 Ukraine power grid attacks, attributed to the Russian hacking group Sandworm. In 2015, attackers gained access to SCADA systems controlling Ukraine’s electrical substations, using remote access to shut down power to nearly 230,000 people.

A year later, the more advanced Industroyer/CrashOverride malware targeted Ukraine’s grid again, showcasing how cyberattacks could systematically disrupt national infrastructure. These attacks revealed the vulnerability of energy grids and how state-sponsored hackers could leverage SCADA system weaknesses to achieve strategic geopolitical goals.

More recently, in 2021, the Oldsmar, Florida water treatment facility was targeted when a hacker attempted to increase sodium hydroxide (lye) levels in the water supply to dangerous concentrations. The attacker exploited remote access software used by the facility’s SCADA system, highlighting poor security practices in industrial environments, such as default passwords and lack of multi-factor authentication (MFA). Fortunately, an operator noticed the anomaly and intervened before any harm occurred. Still, the incident served as a wake-up call regarding the risks of insecure remote access in critical infrastructure.

These real-world cases emphasize the critical need for cybersecurity in SCADA and ICS environments. As industrial systems become more interconnected, organizations must prioritize network segmentation, regular patching, MFA, and continuous monitoring to protect against cyber threats that could have severe, real-world consequences.

Mitigation

Field Effect’s Security Intelligence professionals constantly monitor the cyber threat landscape for threats targeting SCADA/ICS. Field Effect MDR users are automatically notified if vulnerable SCADA/ICS are detected in their environment and are encouraged to review these AROs as quickly as possible via the Field Effect Portal.

Field Effect strongly encourages organizations to apply the necessary patches as soon as possible to mitigate the risks associated with these vulnerabilities.
