On May 1, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued two critical advisories concerning vulnerabilities in industrial control systems (ICS). These advisories describe significant security flaws in KUNBUS GmbH's Revolution Pi and MicroDicom's DICOM Viewer, components used in the industrial and healthcare sectors, respectively.

KUNBUS GmbH Revolution Pi Vulnerabilities

The Revolution Pi, developed by KUNBUS GmbH, is a modular and open-source industrial PC based on the Raspberry Pi platform. It is widely utilized in various industrial applications due to its flexibility and cost-effectiveness.

Identified Vulnerabilities

CISA's advisory ICSA-25-121-01 outlines three critical vulnerabilities in the Revolution Pi:
  • Missing Authentication for Critical Function (CWE-306): The Node-RED server, included in the Revolution Pi OS Bookworm version 01/2025, lacks default authentication. This oversight allows unauthenticated remote attackers to gain full access to the server, potentially executing arbitrary commands on the underlying operating system. This vulnerability is assigned CVE-2025-24522 with a CVSS v3.1 base score of 10.0, indicating maximum severity.
  • Authentication Bypass by Primary Weakness (CWE-303): In PiCtory versions 2.5.0 through 2.11.1, an authentication bypass vulnerability exists. Attackers can exploit this flaw to gain unauthorized access to critical functions, compromising system integrity. This issue is identified as CVE-2025-24523 with a CVSS v3.1 base score of 9.8.
  • Improper Neutralization of Server-Side Includes (SSI) Within a Web Page (CWE-97): PiCtory versions 2.11.1 and earlier are susceptible to SSI injection attacks. Attackers can execute malicious server-side includes, leading to unauthorized actions within the web application. This vulnerability is tracked as CVE-2025-24524 with a CVSS v3.1 base score of 9.8.

Risk Evaluation

Exploitation of these vulnerabilities could allow attackers to bypass authentication mechanisms, gain unauthorized access to critical functions, and execute malicious code. Such actions can lead to significant disruptions in industrial processes, data breaches, and potential safety hazards.

Mitigation Measures

To address these vulnerabilities, CISA recommends the following actions:
  • Update Software: Users should upgrade to the latest versions of Revolution Pi OS and PiCtory to incorporate patches addressing these vulnerabilities.
  • Implement Authentication: Configure authentication mechanisms for the Node-RED server to prevent unauthorized access.
  • Network Segmentation: Isolate control system networks from business networks and ensure they are not accessible from the internet.
  • Use Secure Remote Access Methods: When remote access is necessary, employ secure methods such as Virtual Private Networks (VPNs), keeping in mind that VPNs should be updated to the most current versions to mitigate their own vulnerabilities.
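The "Implement Authentication" step above is the fix for the CWE-306 condition. The following is an added example, not code from CISA, KUNBUS or the Node-RED project: it shows the unauthenticated settings shape beside a hardened one and a small audit function a defender can run against a Node-RED settings.js (by default `~/.node-red/settings.js`). The bcrypt hash is a constructed placeholder; in practice it comes from `node-red admin hash-pw`.

```javascript
"use strict";

// Constructed placeholder: a bcrypt hash from `node-red admin hash-pw` is
// 60 characters, "$2b$<cost>$" followed by 53 salt+digest characters.
const PLACEHOLDER_HASH = "$2b$08$" + "placeholder".repeat(4) + "placehold";
const BCRYPT_RE = /^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$/;

// Weak: the shape an unconfigured settings.js effectively has (no adminAuth),
// which is the missing-authentication condition in CVE-2025-24522.
const weakSettings = { uiPort: 1880 };

// Hardened: editor login required, HTTP-in nodes protected, loopback only.
const hardenedSettings = {
  uiPort: 1880,
  uiHost: "127.0.0.1",
  adminAuth: {
    type: "credentials",
    users: [{ username: "admin", password: PLACEHOLDER_HASH, permissions: "*" }],
  },
  httpNodeAuth: { user: "nodes", pass: PLACEHOLDER_HASH },
};

// Audit a settings object (e.g. require("/home/pi/.node-red/settings.js")).
// Returns an array of finding strings; an empty array means the checks pass.
function auditNodeRedSettings(s) {
  const findings = [];
  if (!s.adminAuth) {
    findings.push("CWE-306: adminAuth missing, editor and admin API are open");
  } else if (s.adminAuth.type === "credentials") {
    const users = s.adminAuth.users;
    if (typeof users !== "function") {
      // users may also be a lookup function; only static lists are checked here
      const list = Array.isArray(users) ? users : [];
      if (list.length === 0) findings.push("adminAuth has no users configured");
      for (const u of list) {
        if (!BCRYPT_RE.test(String(u.password || ""))) {
          findings.push(`user ${u.username}: password is not a bcrypt hash`);
        }
      }
    }
  }
  if (!s.httpNodeAuth) findings.push("httpNodeAuth missing: HTTP-in nodes unauthenticated");
  if (!s.uiHost || s.uiHost === "0.0.0.0") {
    findings.push("editor listens on all interfaces; set uiHost or firewall port 1880");
  }
  return findings;
}
```

Running the audit on the weak object reports three findings (no adminAuth, no httpNodeAuth, editor bound on all interfaces); the hardened object reports none.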

MicroDicom DICOM Viewer Vulnerabilities

MicroDicom DICOM Viewer is a widely used medical image viewer in the healthcare sector, facilitating the viewing and analysis of DICOM (Digital Imaging and Communications in Medicine) files.

Identified Vulnerabilities

CISA's advisory ICSMA-25-121-01 details two critical vulnerabilities in the DICOM Viewer:
  • Improper Authorization in Handler for Custom URL Scheme (CWE-939): This vulnerability allows attackers to retrieve sensitive medical image files, plant new images, or overwrite existing ones on a victim's system. Exploitation requires user interaction, such as clicking a malicious link. This issue is assigned CVE-2024-33606 with a CVSS v3.1 base score of 8.8.
  • Stack-Based Buffer Overflow (CWE-121): The DICOM Viewer is vulnerable to a stack-based buffer overflow, potentially enabling attackers to execute arbitrary code on affected installations. User interaction, such as opening a malicious DICOM file, is required for exploitation. This vulnerability is identified as CVE-2024-28877 with a CVSS v3.1 base score of 8.8.

Risk Evaluation

Successful exploitation of these vulnerabilities could lead to unauthorized access and manipulation of sensitive medical images, compromising patient confidentiality and data integrity. Additionally, arbitrary code execution could result in further system compromise and potential propagation of malware within healthcare networks.

Mitigation Measures

To mitigate these risks, CISA advises the following:
  • Update Software: Users should upgrade to DICOM Viewer version 2024.2, which addresses these vulnerabilities.
  • Limit Network Exposure: Ensure that medical imaging systems are not directly accessible from the internet and are placed behind firewalls.
  • Educate Users: Train staff to recognize and avoid phishing attempts and malicious links that could exploit these vulnerabilities.
  • Implement Access Controls: Restrict access to medical imaging systems to authorized personnel only.

Conclusion

The vulnerabilities identified in KUNBUS GmbH's Revolution Pi and MicroDicom's DICOM Viewer underscore the critical importance of robust cybersecurity practices in industrial and healthcare environments. Organizations utilizing these systems should promptly apply the recommended updates and implement the suggested mitigation strategies to safeguard against potential exploits. Regularly reviewing and updating security protocols is essential to maintain the integrity and security of critical infrastructure systems.

Source: CISA, "CISA Releases Two Industrial Control Systems Advisories"