Prosys OPC UA Simulation Server Insufficiently Protected Credentials Vulnerability (CVE-2022-2967)

Key Information Vulnerability Overview - CVSS v3: 6.5 - Notes: Low attack complexity - Vendor: Prosys OPC - Products: UA Simulation Server, UA Modbus Server - Vulnerability Type: Insufficiently Protected Credentials Update Information - This update announcement is a follow-up to the ICS-22-349-01 Prosys OPC UA Simulation Server advisory released on December 15, 2022. Risk Assessment - Successful exploitation of this vulnerability could allow an attacker to obtain credentials and access system data. Technical Details - Affected Products - Prosys OPC UA Simulation Server versions prior to v5.3.0-64 - Prosys OPC UA Modbus Server versions 1.4.18-5 and earlier - Vulnerability Description - Prosys OPC UA Simulation Server v5.03-64 has insufficient credential protection, which could allow attackers to obtain user credentials and access system data. - CVE ID: CVE-2022-2967 Background - Critical Infrastructure Sectors: Critical Manufacturing, Energy, Information Technology - Deployed Countries/Regions: Global - Company Headquarters Location: Finland Researchers - This vulnerability was reported to CISA by Parvin Kumar, Dr. Sriharsha Etigowni, and Prof. Dongyan Xu from Purdue University, West Lafayette. Mitigations - Prosys has released updates for the following products: - Simulation Server: Upgrade to v5.4.0 - Modbus Server: Upgrade to 1.4.20 - Prosys also recommends changing user passwords and restarting the application to mitigate the risk of exploitation. - CISA recommends users implement defensive measures to minimize the risk of exploitation, particularly: - Minimize network exposure of all control system devices and/or systems, and ensure they are not directly accessible from the internet. - Place control system networks and remote devices behind firewalls and isolate them from business networks. - When remote access is required, use secure methods such as Virtual Private Networks (VPNs), but note that VPNs may also have vulnerabilities and should be kept up to date. Also recognize that the security of a VPN is only as strong as the devices it connects to. - CISA advises organizations to conduct appropriate impact analysis and risk assessment before deploying defensive measures. - CISA also provides a range of security recommendations for control systems on its ICS website. - Additional mitigation guidance and best practices are available in the technical information paper. Impact - There are currently no known public exploits for this vulnerability. - Organizations that observe suspicious malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation with other incidents.

Goal Reached Thanks to every supporter — we hit 100%!

Prosys OPC UA Simulation Server Insufficiently Protected Credentials Vulnerability (CVE-2022-2967)

More from this source