Cybersafe Solutions Security Advisory August 9, 2024

In this week's Security Advisory:

• New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution
• Remote Command Execution Vulnerability found in Acronis Cyber Infrastructure
• Critical Flaw in Rockwell Automation Devices Allows Unauthorized Access
• Google Patches Android Zero-Day Exploited in Targeted Attacks
• Security Updates Released for Google Chrome Desktop Browser and Mozilla

A newly disclosed remote code execution vulnerability in the Apache OFBiz open-source enterprise resource planning (ERP) system could allow unauthenticated threat actors to compromise vulnerable systems. Apache OFBiz is an open-source enterprise resource planning (ERP) framework that includes web applications to meet common business needs. This vulnerability is being tracked as CVE-2024-38856 with a CVSS score of 9.8 out of 10. Cybersafe is unaware of this being exploited in the wild.

Affected Versions

• Apache OFBiz version up to and including version 18.12.14

More Reading/Information

• https://www.helpnetsecurity.com/2024/08/05/cve-2024-38856/
• https://thehackernews.com/2024/08/new-zero-day-flaw-in-apache-ofbiz-erp.html
• https://www.tenable.com/cve/CVE-2024-38856
• https://www.darkreading.com/application-security/critical-apache-ofbiz-vulnerability-allows-preauth-rce

Remote Command Execution Vulnerability found in Acronis Cyber Infrastructure

A remote code execution vulnerability in the Acronis Cyber Infrastructure is currently being exploited in the wild. Identified as CVE-2023-45249 with a CVSS score of 9.8 out of 10.

Affected Versions

• Version 5.0 before build 5.0.1-61
• Version 5.1 before build 5.1.1-71
• Version 5.2 before build 5.2.1-69
• Version 5.3 before build 5.3.1-53
• Version 5.4 before build 5.4.4-132

More Reading/Information

• https://threatprotect.qualys.com/2024/08/01/acronis-cyber-infrastructure-critical-vulnerability-exploited-in-the-wild-cve-2023-45249/
• https://security-advisory.acronis.com/advisories/SEC-6452
• https://www.msn.com/en-us/news/technology/acronis-warns-thousands-of-customers-to-patch-this-security-issue-now/ar-BB1qQ3vK

Critical Flaw in Rockwell Automation Devices Allows Unauthorized Access

A security flaw in Rockwell Automation's Logix controllers has been identified. This security bypass vulnerability, tracked as CVE-2024-6242 with a CVSS score 8.4 out of 10, impacts various models within the Logix family of programmable logic controllers (PLCs) and poses a significant risk to industrial automation systems globally. Successful exploitation will result in the execution of remote commands or reconfiguration of vulnerable devices.

Affected Products

• ControlLogix 5580 (1756-L8z)
• GuardLogix 5580 (1756-L8zS) with firmware versions up to V28 and V31

More Reading/Information

• https://thehackernews.com/2024/08/critical-flaw-in-rockwell-automation.html
• https://thecyberexpress.com/security-bypass-vulnerability-in-rockwell/
• https://www.darkreading.com/ics-ot-security/rockwell-plc-security-bypass-threatens-manufacturing-processes

Google Patches Android Zero-Day Exploited in Targeted Attacks

This month's Android security updates address 46 vulnerabilities, including a high-severity remote code execution (RCE) flaw that has been exploited in targeted attacks. Tracked as CVE-2024-36971 with a CVSS score of 7.8 out of 10, it has been identified as a high severity issue in the kernel that can be exploited for remote code execution with system execution privileges required.

Affected Versions

• Android OS patch levels prior to 2024-08-05

More Reading/Information

• https://www.bleepingcomputer.com/news/security/google-fixes-android-kernel-zero-day-exploited-in-targeted-attacks/
• https://www.securityweek.com/google-patches-android-zero-day-exploited-in-targeted-attacks/
• https://source.android.com/docs/security/bulletin/2024-08-01
• https://thehackernews.com/2024/08/google-patches-new-android-kernel.html

Security Updates Released for Google Chrome Desktop Browser and Mozilla

Google Chrome has issued a security update addressing six vulnerabilities that impact Windows, Mac, and Linux operating systems. Mozilla released security updates to address vulnerabilities in Firefox that could lead to arbitrary code execution.  There was a total of fourteen (14) vulnerabilities that affects Firefox prior to 129. Google and Mozilla are currently not aware of these vulnerabilities being exploited in the wild.

More Reading/Information

• https://chromereleases.googleblog.com/
• https://www.securityweek.com/chrome-firefox-updates-patch-serious-vulnerabilities/
• https://cybersecuritynews.com/firefox-patches-vulnerabilities/

Recommendations

Please review your environment to ensure the above-mentioned issues are patched in a timely manner.  It is security best practice to regularly update and/or patch software to the latest versions.  The vulnerabilities above highlight the security benefits of limiting deployed software to "vendor-supported versions" only.  This dramatically increases the likelihood that new vulnerabilities have a patch issued for them.  Likewise, Cybersafe strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.