Security Onion Blog

Tuesday, March 5, 2024

Vulnerabilities in Zeek Ethercat Plugin

CISA recently announced some vulnerabilities in the Zeek Ethercat plugin:

https://www.cisa.gov/news-events/ics-advisories/icsa-24-051-02

https://www.securityweek.com/zeek-security-tool-vulnerabilities-allow-ics-network-hacking/


The Zeek Ethercat plugin is included in Security Onion 2.3 and 2.4 by default. We recommend updating to the latest version of Security Onion to make sure you have the latest version of the Zeek Ethercat plugin. There are separate sections for both 2.3 and 2.4 below to provide the information that you need for your version of Security Onion. If you have questions or problems, please start a new discussion at https://securityonion.com/discuss.


2.4


If you are running Security Onion 2.4, you will want to make sure that you are running the latest version of 2.4 which is 2.4.50 as of this writing:

https://blog.securityonion.net/2024/02/security-onion-2450-now-available.html


You can update to the latest version of 2.4 as shown here:

https://docs.securityonion.net/en/2.4/soup.html


If for some reason you can't upgrade to the latest version of Security Onion 2.4 immediately, here are some possible mitigations.


Disable the Zeek Ethercat plugin via the Configuration interface:

https://docs.securityonion.net/en/2.4/zeek.html#configuration


OR 


Switch from Zeek to Suricata for network metadata:

https://docs.securityonion.net/en/2.4/suricata.html#metadata


2.3


If you are still running Security Onion 2.3, you will want to make sure that you are running the latest version of 2.3 which is 2.3.290 as of this writing:

https://blog.securityonion.net/2024/02/security-onion-23290-now-available.html


You can update to the latest version of 2.3 as shown here:

https://docs.securityonion.net/en/2.3/soup.html


As a reminder, Security Onion 2.3 reaches End of Life on April 6, 2024 so you'll want to go ahead and migrate to Security Onion 2.4:

https://blog.securityonion.net/2023/10/6-month-eol-notice-for-security-onion-23.html


If for some reason you can't upgrade to the latest version of Security Onion 2.3 or 2.4 immediately, here are some possible mitigations.


Disable the Zeek Ethercat plugin:

https://docs.securityonion.net/en/2.3/zeek.html#configuration


OR


Switch from Zeek to Suricata for network metadata:

https://docs.securityonion.net/en/2.3/suricata.html#metadata


at
Labels: , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Search This Blog

Featured Post

Security Onion 2.4.111 now available!

In October, we released version 2.4.110: https://blog.securityonion.net/2024/10/security-onion-24110-hurricane-helene.html Last week, Surica...

Popular Posts

  • Community Webinars featuring Security Onion
    Thanks to all who attended the Zeek webinar on May 27! For those weren't able to join, the recording should be available soon and we wi...
  • Security Onion 2.4 Base OS
    Introduction Recent events have forced us to change course on the base operating system (OS) for Security Onion 2.4.  On 6/21/2023, Red Hat ...
  • Security Advisory for Squert
    Introduction Jeffrey Medsger reported several command injection and SQL injection vulnerabilities in Squert.  Wes Lambert also discovered s...

Blog Archive