Weekly industrial cybersecurity bulletin 24.S28

22.07.24 08:44 - By Sabri Khemissa

News on the cybersecurity of industrial facilities

News

Guide to preparing for cyber incident management in industrial environments

RITICS (Research Institute In Trustworthy Inter-Connected Cyber-Physical Systems), a British institute dedicated to the cybersecurity of industrial systems and created by the British cybersecurity agency, has published a guide to help organizations prepare for managing cyber incidents.

https://ritics.org/wp-content/uploads/2024/06/ICS-COI-Considerations-for-Cyber-Incident-Response-Planning-within-ICS-and-OT.pdf

-----

Automation and orchestration at the heart of a Zero Trust approach, according to the NSA

The NSA has published a guide to implementing a Zero Trust approach, with automation and orchestration as the levers of the transformation. Although the content focuses heavily on tooling, notably SOAR and AI, it makes clear that it is important to think carefully about which response processes to automate in order to reduce the time between detection and reaction.

https://media.defense.gov/2024/Jul/10/2003500250/-1/-1/0/CSI-ZT-AUTOMATION-ORCHESTRATION-PILLAR.PDF 

-----

Talos publishes the TTPs of the 14 most active ransomware operators

The publication draws up a profile covering the main access vectors (Internet-exposed applications and phishing) as well as the main evasion methods.

https://blog.talosintelligence.com/common-ransomware-actor-ttps-playbooks/

Our latest publications

Building your protection plan for industrial facilities

https://www.fortress-cybersecurity.fr/plan-cyber-indus

Vulnerability Corner
🔥List of Known Exploited Vulnerabilities (KEV) published by the US cybersecurity agency CISA the previous week:
- CVE-2024-23692: Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability https://github.com/rejetto/hfs?tab=readme-ov-file#installation https://www.rejetto.com/hfs/
- CVE-2024-38080: Microsoft Windows Hyper-V Privilege Escalation Vulnerability https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38080
- CVE-2024-38112: Microsoft Windows MSHTML Platform Spoofing Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38112
------
Vulnerabilities in industrial system components:
53 x Siemens:
Affected products: JT Open and PLM XML SDK; Mendix Encryption; Remote Connect Server; RUGGEDCOM; RUGGEDCOM APE 1808; RUGGEDCOM APE1808; SCALANCE, RUGGEDCOM, SIPLUS, and SINEC; SIMATIC STEP 7 (TIA Portal); SIMATIC WinCC; SIMATIC, SIMIT; Simcenter Femap; SINEMA Remote Connect Server; SIPROTEC; Teamcenter Visualization, JT2Go; TIA Portal and SIMATIC STEP 7; TIA Portal, SIMATIC, and SIRIUS
- 3 x Critical
- 32 x High
- 16 x Medium
- 2 x Low

5 x Rockwell Automation:
Affected products:
- 2 x Critical
- 1 x High
- 2 x Medium

4 x Delta Electronics:
Affected products:
- 4 x High

3 x Johnson Controls Inc.:
Affected products:
- 2 x High
- 1 x Medium

1 x HMS Industrial Networks:
Affected products:
- 1 x Medium

1 x Mitsubishi Electric:
Affected products:
- 1 x High

Full list sorted by CVSSv3 score:
| Vendor | Product | CVE | CVSSv3 Score | CVSSv3 Severity | CVSSv3 Vector | EPSS | Percentile | CWE |
|---|---|---|---|---|---|---|---|---|
| Siemens | Remote Connect Server | CVE-2022-32260 | 9.8 | Critical | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.0017 | 0.543 | CWE-286 |
| Rockwell Automation | ThinManager ThinServer | CVE-2024-5988 | 9.8 | Critical | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.00043 | 0.0926 | CWE-20 |
| Rockwell Automation | ThinManager ThinServer | CVE-2024-5989 | 9.8 | Critical | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.00043 | 0.0926 | CWE-20 |
| Siemens | Remote Connect Server | CVE-2024-39872 | 9.6 | Critical | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N | 0.00043 | 0.0926 | CWE-378 |
| Siemens | SCALANCE, RUGGEDCOM, SIPLUS, and SINEC | CVE-2024-3596 | 9 | Critical | AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H | 0.00045 | 0.1587 | CWE-924 |
| Johnson Controls Inc. | Software House C-CURE 9000 | CVE-2024-32759 | 8.8 | High | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.00043 | 0.0926 | CWE-1391 |
| Johnson Controls Inc. | Software House C-CURE 9000 | CVE-2024-32861 | 8.8 | High | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 0 | 0 | CWE-276 |
| Mitsubishi Electric | MI5122-VW | CVE-2024-3904 | 8.8 | High | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 0.00043 | 0.0926 | CWE-276 |
| Siemens | SINEMA Remote Connect Server | CVE-2024-39570 | 8.8 | High | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 0.00043 | 0.0926 | CWE-77 |
| Siemens | SINEMA Remote Connect Server | CVE-2024-39571 | 8.8 | High | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 0.00043 | 0.0926 | CWE-77 |
| Siemens | RUGGEDCOM | CVE-2024-39675 | 8.8 | High | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.00043 | 0.0926 | CWE-497 |
| Siemens | Remote Connect Server | CVE-2024-39865 | 8.8 | High | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 0.00043 | 0.0926 | CWE-434 |
| Siemens | Remote Connect Server | CVE-2024-39866 | 8.8 | High | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 0.00043 | 0.0926 | CWE-267 |
| Siemens | SIMATIC STEP 7 (TIA Portal) | CVE-2022-45147 | 7.8 | High | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.00043 | 0.0926 | CWE-502 |
| Siemens | Teamcenter Visualization, JT2Go | CVE-2023-7066 | 7.8 | High | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0 | 0 | CWE-125 |
| Siemens | Simcenter Femap | CVE-2024-32055 | 7.8 | High | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.00043 | 0.0926 | CWE-125 |
| Siemens | Simcenter Femap | CVE-2024-32056 | 7.8 | High | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.00043 | 0.0926 | CWE-787 |
| Siemens | Simcenter Femap | CVE-2024-32057 | 7.8 | High | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.00046 | 0.1653 | CWE-125 |
| Siemens | Simcenter Femap | CVE-2024-32058 | 7.8 | High | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.00046 | 0.1653 | CWE-119 |
| Siemens | Simcenter Femap | CVE-2024-32059 | 7.8 | High | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.00046 | 0.1653 | CWE-125 |
| Siemens | Simcenter Femap | CVE-2024-32060 | 7.8 | High | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.00046 | 0.1653 | CWE-125 |
| Siemens | Simcenter Femap | CVE-2024-32061 | 7.8 | High | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.00046 | 0.1653 | CWE-125 |
| Siemens | Simcenter Femap | CVE-2024-32062 | 7.8 | High | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.00046 | 0.1653 | CWE-843 |
| Siemens | Simcenter Femap | CVE-2024-32063 | 7.8 | High | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.00046 | 0.1653 | CWE-843 |
| Siemens | Simcenter Femap | CVE-2024-32064 | 7.8 | High | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.00046 | 0.1653 | CWE-125 |
| Siemens | Simcenter Femap | CVE-2024-32065 | 7.8 | High | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.00046 | 0.1653 | CWE-125 |
| Siemens | Simcenter Femap | CVE-2024-32066 | 7.8 | High | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.00046 | 0.1653 | CWE-125 |
| Siemens | Simcenter Femap | CVE-2024-33577 | 7.8 | High | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.00043 | 0.0926 | CWE-121 |
| Siemens | Simcenter Femap | CVE-2024-33653 | 7.8 | High | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.00043 | 0.0926 | CWE-125 |
| Siemens | Simcenter Femap | CVE-2024-33654 | 7.8 | High | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.00043 | 0.0926 | CWE-125 |
| Siemens | JT Open and PLM XML SDK | CVE-2024-37997 | 7.8 | High | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.00043 | 0.0926 | CWE-121 |
| Siemens | SINEMA Remote Connect Server | CVE-2024-39567 | 7.8 | High | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 0.00043 | 0.0926 | CWE-77 |
| Siemens | SINEMA Remote Connect Server | CVE-2024-39568 | 7.8 | High | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 0.00043 | 0.0926 | CWE-77 |
| Delta Electronics | CNCSoft-G2 | CVE-2024-39880 | 7.8 | High | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.00043 | 0.0926 | CWE-121 |
| Delta Electronics | CNCSoft-G2 | CVE-2024-39881 | 7.8 | High | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.00043 | 0.0926 | CWE-787 |
| Delta Electronics | CNCSoft-G2 | CVE-2024-39882 | 7.8 | High | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.00043 | 0.0926 | CWE-125 |
| Delta Electronics | CNCSoft-G2 | CVE-2024-39883 | 7.8 | High | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.00043 | 0.0926 | CWE-122 |
| Siemens | Remote Connect Server | CVE-2024-39867 | 7.6 | High | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H | 0.00043 | 0.0926 | CWE-425 |
| Siemens | Remote Connect Server | CVE-2024-39868 | 7.6 | High | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H | 0.00043 | 0.0926 | CWE-425 |
| Siemens | RUGGEDCOM | CVE-2023-52237 | 7.5 | High | AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 0.00043 | 0.0926 | CWE-200 |
| Siemens | RUGGEDCOM APE 1808 | CVE-2024-26010 | 7.5 | High | AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.00043 | 0.0926 | CWE-121 |
| Siemens | Remote Connect Server | CVE-2024-39873 | 7.5 | High | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 0.00043 | 0.0926 | CWE-307 |
| Siemens | Remote Connect Server | CVE-2024-39874 | 7.5 | High | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 0.00043 | 0.0926 | CWE-307 |
| Siemens | Mendix Encryption | CVE-2024-39888 | 7.5 | High | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 0.00043 | 0.0926 | CWE-547 |
| Rockwell Automation | ThinManager ThinServer | CVE-2024-5990 | 7.5 | High | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 0.00043 | 0.0926 | CWE-20 |
| Johnson Controls Inc. | Illustra Pro Gen 4 | CVE-2024-32753 | 6.9 | Medium | AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N | 0 | 0 | CWE-1395 |
| Siemens | RUGGEDCOM APE 1808 | CVE-2024-23111 | 6.8 | Medium | AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H | 0.00043 | 0.0926 | CWE-79 |
| Siemens | RUGGEDCOM APE 1808 | CVE-2023-46720 | 6.7 | Medium | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.00043 | 0.0926 | CWE-121 |
| Siemens | RUGGEDCOM | CVE-2024-38278 | 6.6 | Medium | AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.00043 | 0.0926 | CWE-266 |
| Siemens | SINEMA Remote Connect Server | CVE-2024-39569 | 6.6 | Medium | AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.00043 | 0.0926 | CWE-77 |
| Siemens | TIA Portal, SIMATIC, and SIRIUS | CVE-2023-32735 | 6.5 | Medium | AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H | 0.00043 | 0.0926 | CWE-502 |
| Siemens | Remote Connect Server | CVE-2024-39869 | 6.5 | Medium | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 0.00043 | 0.0926 | CWE-754 |
| Rockwell Automation | FactoryTalk System Services and Policy Manager | CVE-2024-6325 | 6.5 | Medium | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N | 0 | 0 | CWE-269 |
| Siemens | TIA Portal and SIMATIC STEP 7 | CVE-2023-32737 | 6.3 | Medium | AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H | 0.00043 | 0.0926 | CWE-502 |
| Siemens | Remote Connect Server | CVE-2024-39870 | 6.3 | Medium | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 0.00043 | 0.0926 | CWE-602 |
| Siemens | Remote Connect Server | CVE-2024-39871 | 6.3 | Medium | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 0.00043 | 0.0926 | CWE-863 |
| HMS Industrial Networks | Anybus-CompactCom 30 | CVE-2024-6558 | 6.3 | Medium | AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L | 0 | 0 | CWE-79 |
| Siemens | RUGGEDCOM APE1808 | CVE-2023-48795 | 5.9 | Medium | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | 0.96252 | 0.9955 | CWE-222 |
| Siemens | SIMATIC WinCC | CVE-2024-30321 | 5.9 | Medium | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 0.00043 | 0.0926 | CWE-359 |
| Siemens | SIPROTEC | CVE-2024-38867 | 5.9 | Medium | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 0.00043 | 0.0926 | CWE-326 |
| Rockwell Automation | FactoryTalk System Services and Policy Manager | CVE-2024-6236 | 5.9 | Medium | AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N | 0.00043 | 0.0926 | CWE-269 |
| Siemens | SIMATIC, SIMIT | CVE-2023-52891 | 5.3 | Medium | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 0.00043 | 0.0926 | CWE-1325 |
| Siemens | RUGGEDCOM | CVE-2023-52238 | 4.3 | Medium | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 0.00043 | 0.0926 | CWE-200 |
| Siemens | Remote Connect Server | CVE-2024-39875 | 4.3 | Medium | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 0.00043 | 0.0926 | CWE-732 |
| Siemens | Remote Connect Server | CVE-2024-39876 | 4 | Medium | AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 0.00043 | 0.0926 | CWE-770 |
| Siemens | JT Open and PLM XML SDK | CVE-2024-37996 | 3.3 | Low | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 0.00043 | 0.0926 | CWE-476 |
| Siemens | RUGGEDCOM APE 1808 | CVE-2024-21754 | 1.8 | Low | AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N | 0.00043 | 0.0926 | CWE-916 |

Fortress Cybersecurity news

Our upcoming webinars dedicated to the cybersecurity of industrial facilities

5 September 2024: Vulnerability management in industrial environments

3 October 2024: Building the protection plan for your industrial facilities

7 November 2024: Industrial network segmentation

5 December 2024: Protecting new Industry 4.0 trends: security of private 5G networks

Sabri Khemissa