Cybersecurity

CISA has published an advisory on a classic buffer overflow vulnerability in Hirschmann Automation and Control HiOS and HiSecOS Products. The following devices using HiOS Version 07.0.02 and lower are affected: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED. The following devices using HiSecOS Version 03.2.00 and lower are affected: EAGLE20/30. Successful exploitation of this vulnerability could allow an unauthenticated, remote attacker to overflow a buffer and fully compromise the device.

The FBI has published a Private Industry Notification (PIN) on Kwampirs, a remote access Trojan the FBI says has heavily targeted several industries, including energy and the software supply chain. As described in the PIN, a campaign with Kwampirs employs a two-phased approach. The first phase establishes a broad and persistent presence on the targeted network, to include delivery and execution of secondary malware payload(s). The second phase includes the delivery of additional Kwampirs components or malicious payload(s) to further exploit the infected victim host(s).

CISA has published an advisory on a stack-based buffer overflow vulnerability in Advantech WebAccess. Versions 8.4.2 and prior are affected. Successful exploitation of this vulnerability may allow remote code execution. Advantech has released Version 8.4.4 of WebAccessNode to address the reported vulnerability. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

With countless utilities having implemented teleworking for much of their non-critical roles during the COVID-19 situation, it is likely that many did not have policies, procedures, or even infrastructure or devices in place to support a remote workforce. As such, many staff were probably sent home with little knowledge or resources on how to perform their jobs securely from remote locations and/or personal devices.