CISA recently announced some vulnerabilities in the Zeek Ethercat plugin:
https://www.cisa.gov/news-events/ics-advisories/icsa-24-051-02
https://www.securityweek.com/zeek-security-tool-vulnerabilities-allow-ics-network-hacking/
The Zeek Ethercat plugin is included in Security Onion 2.3 and 2.4 by default. We recommend updating to the latest version of Security Onion to make sure you have the latest version of the Zeek Ethercat plugin. There are separate sections for both 2.3 and 2.4 below to provide the information that you need for your version of Security Onion. If you have questions or problems, please start a new discussion at https://securityonion.com/discuss.
2.4
If you are running Security Onion 2.4, you will want to make sure that you are running the latest version of 2.4, which is 2.4.50 as of this writing:
https://blog.securityonion.net/2024/02/security-onion-2450-now-available.html
You can update to the latest version of 2.4 as shown here:
https://docs.securityonion.net/en/2.4/soup.html
If for some reason you can't upgrade to the latest version of Security Onion 2.4 immediately, here are some possible mitigations.
Disable the Zeek Ethercat plugin via the Configuration interface:
https://docs.securityonion.net/en/2.4/zeek.html#configuration
OR
Switch from Zeek to Suricata for network metadata:
https://docs.securityonion.net/en/2.4/suricata.html#metadata
2.3
If you are still running Security Onion 2.3, you will want to make sure that you are running the latest version of 2.3, which is 2.3.290 as of this writing:
https://blog.securityonion.net/2024/02/security-onion-23290-now-available.html
You can update to the latest version of 2.3 as shown here:
https://docs.securityonion.net/en/2.3/soup.html
As a reminder, Security Onion 2.3 reaches End of Life on April 6, 2024, so you'll want to go ahead and migrate to Security Onion 2.4:
https://blog.securityonion.net/2023/10/6-month-eol-notice-for-security-onion-23.html
If for some reason you can't upgrade to the latest version of Security Onion 2.3 or 2.4 immediately, here are some possible mitigations.
Disable the Zeek Ethercat plugin:
https://docs.securityonion.net/en/2.3/zeek.html#configuration
OR
Switch from Zeek to Suricata for network metadata:
https://docs.securityonion.net/en/2.3/suricata.html#metadata