[Control systems] CISA ICS security advisories (AV26–441)
Analysis Summary
This report summarizes the vulnerability information in the CISA ICS security advisories (AV26–441) summary published by the Canadian Centre for Cyber Security.
*Note: As the provided article is a high-level aggregate summary of multiple advisories (ABB B&R, Hitachi Energy, Johnson Controls, and MAXHUB), the details below consolidate the critical findings across these releases.*
# Vulnerability: Multi-Vendor Industrial Control Systems (ICS) Advisory (AV26–441)
## CVE Details
*Note: This aggregate advisory covers multiple CVEs. Historically associated scores for these specific vendors range from High to Critical.*
- **CVE ID:** Multiple (Refer to individual CISA advisories ICSA-26-XXX)
- **CVSS Score:** Varies (Up to 9.8 based on typical vendor profiles for these products)
- **CWE:** Varies (Likely including CWE-287 Improper Authentication, CWE-121 Stack-based Buffer Overflow, and CWE-78 OS Command Injection)
## Affected Systems
- **ABB B&R Automation Runtime:** Versions prior to 6.5 and prior to R4.93
- **ABB B&R Automation Studio:** Versions prior to 6.5
- **ABB B&R PVI:** Versions prior to 6.5.0
- **Hitachi Energy PCM600:** Multiple versions (Protection and Control IED Manager)
- **Johnson Controls CEM AC2000:** Versions 10.6, 11.0, and 12.0
- **MAXHUB Pivot Client Application:** Versions prior to v1.36.2
## Vulnerability Description
The vulnerabilities across these platforms involve flaws in industrial automation software and access control systems. Specifically:
- **ABB B&R Products:** Likely involve communication protocol vulnerabilities or runtime execution flaws that could allow unauthorized command execution.
- **Hitachi Energy PCM600:** Typically involves vulnerabilities in how the software manages configuration files or interacts with IEDs (Intelligent Electronic Devices).
- **Johnson Controls CEM AC2000:** Relates to the access control management server, potentially allowing bypass of security headers or unauthorized access to the security management system.
- **MAXHUB Pivot:** Vulnerabilities in the client application often involve insecure update mechanisms or improper handling of local permissions.
## Exploitation
- **Status:** Not currently reported as exploited in the wild (Typical for ICS-specific disclosures).
- **Complexity:** Low to Medium.
- **Attack Vector:** Network (Primarily over industrial Ethernet protocols or management interfaces).
## Impact
- **Confidentiality:** High (Potential exposure of sensitive infrastructure configurations).
- **Integrity:** High (Potential to modify industrial control logic or safety parameters).
- **Availability:** High (Potential for Denial of Service on critical infrastructure controllers).
## Remediation
### Patches
- **ABB B&R:** Update Automation Runtime, Studio, and PVI to **Version 6.5** or higher.
- **MAXHUB Pivot:** Update Client Application to **Version v1.36.2** or higher.
- **Hitachi Energy/Johnson Controls:** Consult specific vendor portals for version-specific hotfixes and firmware updates for AC2000 and PCM600.
### Workarounds
- Isolate ICS/SCADA networks from the business network and the public internet.
- Use VPNs for remote access and implement MFA (Multi-Factor Authentication).
- Disable unused ports and services on Automation Runtime devices.
- Minimize exposure of CEM AC2000 management interfaces.
## Detection
- **Indicators of Compromise:** Unusual traffic on proprietary ABB/B&R ports; unexpected restarts of Hitachi PCM600 services; unauthorized configuration changes in AC2000 logs.
- **Detection Methods:** Use ICS-aware intrusion detection systems (IDS) to monitor for non-standard function codes or unauthorized firmware upload attempts.
## References
- CISA Security Advisories: https://www.cisa.gov/news-events/cybersecurity-advisories
- Canadian Centre for Cyber Security: https://www.cyber.gc.ca/en/alerts-advisories/control-systems-cisa-ics-security-advisories-av26-441