Vulnerabilities in Ethercat, the ICS protocol parsing plugin for the open source network security monitoring tool Zeek, could be exploited to facilitate significant compromise of industrial control system environments, reports SecurityWeek. They include the critical bugs tracked as CVE-2023-7243 and CVE-2024-7244 and the high-severity flaw tracked as CVE-2023-7242.
One of the vulnerabilities could be leveraged to disrupt the Zeek process, while all three issues could be exploited to enable arbitrary code execution and privilege escalation for threat actors with limited Zeek access, according to University of Central Florida researcher Cameron Whitehead, who discovered and reported the flaws. Attackers could also use the bugs to gain visibility into network traffic and exfiltrate confidential information on systems without address space layout randomization and other security features. "This is done by just sending a couple of UDP packets to any machine on the monitored network, which can likely be done from anywhere on the internet for many networks," added Whitehead. All of the flaws, which were detailed by the Cybersecurity and Infrastructure Security Agency, have been addressed nearly six weeks after their disclosure.