Tuesday, March 5, 2024

Vulnerabilities in Zeek Ethercat Plugin

CISA recently announced some vulnerabilities in the Zeek Ethercat plugin:

https://www.cisa.gov/news-events/ics-advisories/icsa-24-051-02

https://www.securityweek.com/zeek-security-tool-vulnerabilities-allow-ics-network-hacking/


The Zeek Ethercat plugin is included in Security Onion 2.3 and 2.4 by default. We recommend updating to the latest version of Security Onion to make sure you have the latest version of the Zeek Ethercat plugin. The separate sections for 2.3 and 2.4 below provide the information that you need for your version of Security Onion. If you have questions or problems, please start a new discussion at https://securityonion.com/discuss.


2.4


If you are running Security Onion 2.4, you will want to make sure that you are running the latest version of 2.4, which is 2.4.50 as of this writing:

https://blog.securityonion.net/2024/02/security-onion-2450-now-available.html


You can update to the latest version of 2.4 as shown here:

https://docs.securityonion.net/en/2.4/soup.html


If for some reason you can't upgrade to the latest version of Security Onion 2.4 immediately, here are some possible mitigations.


Disable the Zeek Ethercat plugin via the Configuration interface:

https://docs.securityonion.net/en/2.4/zeek.html#configuration


OR 


Switch from Zeek to Suricata for network metadata:

https://docs.securityonion.net/en/2.4/suricata.html#metadata


2.3


If you are still running Security Onion 2.3, you will want to make sure that you are running the latest version of 2.3, which is 2.3.290 as of this writing:

https://blog.securityonion.net/2024/02/security-onion-23290-now-available.html


You can update to the latest version of 2.3 as shown here:

https://docs.securityonion.net/en/2.3/soup.html


As a reminder, Security Onion 2.3 reaches End of Life on April 6, 2024, so you'll want to go ahead and migrate to Security Onion 2.4:

https://blog.securityonion.net/2023/10/6-month-eol-notice-for-security-onion-23.html


If for some reason you can't upgrade to the latest version of Security Onion 2.3 or 2.4 immediately, here are some possible mitigations.


Disable the Zeek Ethercat plugin:

https://docs.securityonion.net/en/2.3/zeek.html#configuration


OR


Switch from Zeek to Suricata for network metadata:

https://docs.securityonion.net/en/2.3/suricata.html#metadata

