In 2020, Kaspersky ICS CERT discovered nine vulnerabilities in the ISaGRAF Runtime platform, which is used as an automation framework in multiple products in various industries across the globe.
Besides the industrial control system (ICS), ISaGRAF's application areas include transportation, power & energy, and other sectors, which means the security of the platform becomes of national interest. The vulnerabilities were fixed by the vendor,
ISaGRAF is a programming technology and execution environment used by industrial entities worldwide. It is owned by
Since the ISaGRAF framework requires adaptation from the end product vendor, it can be difficult to protect users. To find out that a product is vulnerable, the user needs to wait for
Kaspersky ICS CERT analyzed the ISaGRAF framework functionality and discovered nine vulnerabilities that can be exploited by a remote or local attacker - whose ultimate goal is to escape the restricted environment of ISaGRAF and take full control of the device. The research showed that a remote attacker could penetrate the system via the ISaGRAF eXchange Layer (IXL) protocol used to transfer data within the framework.
'The ISaGRAF Runtime environment is considered to be the essential programming tool used within different industries throughout the world, including those of national importance. At Kaspersky, we have discovered several vulnerabilities that might greatly affect this system and its functionality. Although the vendors issued security patches to fix the discovered issues, our report underscores how serious these vulnerabilities in third-party components can be. Once again, we'd like to draw the attention of the product's vendors to the advisory and the need to act on it,' comments
Learn more about the ISaGRAF framework and the uncovered vulnerabilities on Kaspersky's ICS CERT website.
To keep your ICS computers protected from various threats, Kaspersky experts recommend:
Regularly updating operating systems and any application software that are part of the enterprise's industrial network. Apply security fixes and patches to ICS network equipment as soon as they are available.
Conducting regular security audits of OT systems to identify and eliminate possible vulnerabilities.
Using ICS network traffic monitoring, analysis and detection solutions for better protection from attacks that potentially threaten technological processes and main enterprise assets.
Providing dedicated ICS security training for IT security teams and OT engineers. This is crucial to improve response to new and advanced malicious techniques.
Providing the security team responsible for protecting industrial control systems with up-to-date threat intelligence. ICS Threat Intelligence Reporting service provides insights into current threats and attack vectors, as well as the most vulnerable elements in OT and industrial control systems and how to mitigate them.
Using security solutions for OT endpoints and networks such as Kaspersky Industrial CyberSecurity to ensure comprehensive protection for all industry critical systems.
Protect the IT infrastructure. Integrated Endpoint Security protects corporate endpoints and enables automated threat detection and response capabilities.
About Kaspersky ICS CERT
About Kaspersky
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky's deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company's comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 250,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com .
(C) 2022 Electronic News Publishing, source