Security Onion Blog

Tuesday, March 5, 2024

Vulnerabilities in Zeek Ethercat Plugin

CISA recently announced some vulnerabilities in the Zeek Ethercat plugin:

https://www.cisa.gov/news-events/ics-advisories/icsa-24-051-02

https://www.securityweek.com/zeek-security-tool-vulnerabilities-allow-ics-network-hacking/


The Zeek Ethercat plugin is included in Security Onion 2.3 and 2.4 by default. We recommend updating to the latest version of Security Onion to make sure you have the latest version of the Zeek Ethercat plugin. There are separate sections for both 2.3 and 2.4 below to provide the information that you need for your version of Security Onion. If you have questions or problems, please start a new discussion at https://securityonion.com/discuss.


2.4


If you are running Security Onion 2.4, you will want to make sure that you are running the latest version of 2.4 which is 2.4.50 as of this writing:

https://blog.securityonion.net/2024/02/security-onion-2450-now-available.html


You can update to the latest version of 2.4 as shown here:

https://docs.securityonion.net/en/2.4/soup.html


If for some reason you can't upgrade to the latest version of Security Onion 2.4 immediately, here are some possible mitigations.


Disable the Zeek Ethercat plugin via the Configuration interface:

https://docs.securityonion.net/en/2.4/zeek.html#configuration


OR 


Switch from Zeek to Suricata for network metadata:

https://docs.securityonion.net/en/2.4/suricata.html#metadata


2.3


If you are still running Security Onion 2.3, you will want to make sure that you are running the latest version of 2.3 which is 2.3.290 as of this writing:

https://blog.securityonion.net/2024/02/security-onion-23290-now-available.html


You can update to the latest version of 2.3 as shown here:

https://docs.securityonion.net/en/2.3/soup.html


As a reminder, Security Onion 2.3 reaches End of Life on April 6, 2024 so you'll want to go ahead and migrate to Security Onion 2.4:

https://blog.securityonion.net/2023/10/6-month-eol-notice-for-security-onion-23.html


If for some reason you can't upgrade to the latest version of Security Onion 2.3 or 2.4 immediately, here are some possible mitigations.


Disable the Zeek Ethercat plugin:

https://docs.securityonion.net/en/2.3/zeek.html#configuration


OR


Switch from Zeek to Suricata for network metadata:

https://docs.securityonion.net/en/2.3/suricata.html#metadata


at
Labels: , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Search This Blog

Featured Post

Registration Now Open for Augusta Cyber Week 2024!

Registration is now open for Augusta Cyber Week in beautiful Augusta GA from September 30, 2024 through October 5, 2024! This includes: 4-da...

Popular Posts

Blog Archive