EisBaer Scada System Vulnerability Allows Unauthorized Access

CVECVE-2023-42491
CVSScvssV3_1: 8.8
SourceCVE-2023-42491

The EisBaer Scada system, used for industrial control systems, has been found to have a high severity authorization vulnerability.

CVE-2023-42491 has been assigned to this issue, which has a CVSS score of 8.8 out of 10, indicating its potential impact. The specific CWE being CWE-285 means it is related to improper authorization checks.

This allows an attacker without valid credentials to potentially gain access and control of the Scada system. As these are used to monitor and manage critical infrastructure, this poses serious risks.

An attacker could exploit this by intercepting unencrypted communications or directly connecting to exposed and vulnerable systems on the network. They would then be able to bypass authorization and login as if they had valid permissions.

This gives them the ability to view sensitive information, interfere with industrial processes, or even cause physical damage if targeting the right systems.

To protect industrial control networks, EisBaer recommends installing the latest software updates released to address this issue. Organizations should also implement secure authentication, authorization, encryption of communications, and isolate these systems on their own secure network zone whenever possible.

References