CISA Warns of Critical Vulnerabilities in Switches Used in Manufacturing

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding two critical vulnerabilities identified in Optigo Networks ONS-S8 Aggregation Switch products. These devices are commonly used in critical infrastructure and manufacturing systems worldwide, and the vulnerabilities could allow attackers to bypass authentication and execute remote code, posing significant risks to affected systems.  

These vulnerabilities highlight the ongoing challenges of cybersecurity in manufacturing, where securing operational technology (OT) is critical to ensuring smooth and secure production processes. Read on to get the details.  

Tell me more about the vulnerable manufacturing switches 

The vulnerabilities in question affect all versions of the ONS-S8 switch up to and including version 1.3.7. These vulnerabilities are particularly concerning because the affected devices are widely deployed across industries that require high levels of security and reliability, such as manufacturing plants, energy grids and transportation networks. 

Here are the two critical vulnerabilities: 

• CVE-2024-41925: This is a PHP remote file inclusion vulnerability affecting the web-based user interface for the switch. A remote attacker could exploit this weakness to bypass authentication, navigate through directories on the equipment, and execute arbitrary code on the target device. This vulnerability requires that the attacker have access to the device’s web interface, making exposed devices more vulnerable to attacks over the internet. 

• CVE-2024-45367: This vulnerability involves an incomplete authentication process at the web server level on the Canadian-manufactured device. In this case, a remote attacker can bypass the authentication process entirely without needing a password, allowing them to gain unauthorized access to the switch. This is especially dangerous because it lowers the barrier for exploitation, making the system vulnerable to attackers with minimal effort.

Although there have been no signs of these vulnerabilities being actively exploited at the time of writing, the potential impact of these security flaws should not be underestimated. Any system that depends on these devices for operational continuity could be at risk if these weaknesses are exploited, leading to significant operational disruptions or, worse, system compromise.  

The need for strong cybersecurity in manufacturing becomes increasingly evident as these vulnerabilities highlight the risk to systems that are often integral to industrial operations. Organizations that rely on these switches must act quickly to protect their critical infrastructure while they await patches from the manufacturer. 

What is Nuspire doing? 

At Nuspire, we prioritize the security and operational resilience of our clients. In response to the CISA alert, we are taking proactive measures to mitigate the risks associated with these vulnerabilities. While patches have not yet been released, Nuspire is closely monitoring updates from the vendor and will apply patches as soon as they become available, which is in line with recommended best practices. 

What should I do? 

While patches for the identified vulnerabilities in Optigo Networks ONS-S8 Aggregation Switches are still pending, the manufacturer has issued several workarounds to help mitigate the associated risks. These workarounds should be implemented as soon as possible to minimize the potential for exploitation: 

• Use a dedicated NIC on the BMS computer: A dedicated network interface card (NIC) should be installed on the building management system (BMS). This NIC should be used exclusively to connect to OneView, the tool for managing your operational technology (OT) network configuration. This isolates the network traffic and reduces the potential attack surface. 

• Set up a router firewall with an access list: A router firewall should be configured with an access control list (ACL) that limits the devices permitted to access the OneView management tool. This helps prevent unauthorized devices from communicating with OneView, reducing the likelihood of a successful attack. 

• Use a secure VPN: Always connect to OneView via a secure virtual private network (VPN). This adds an additional layer of encryption and protection when accessing the system remotely, helping to prevent attackers from intercepting or tampering with communications between the network and OneView. 

The vulnerabilities discovered in Optigo Networks’ ONS-S8 Aggregation Switches pose a significant risk, particularly for organizations that rely on these devices in critical infrastructure environments. While no active exploitation has been reported, the potential for disruption underscores the importance of having a strong patch management and vulnerability management strategy in place, which are crucial elements of effective cybersecurity in manufacturing.