Alisonic Sibylla

Plan: Patch
CVSS: 9.4
ICS-CERT: ICSA-24-268-02
Date: Sep 24, 2024
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Alisonic Sibylla contains an SQL injection vulnerability (CWE-89) that allows unauthenticated remote attackers to query the database, extract credentials and device information, or obtain administrator privileges. All versions are affected. The vendor did not respond to CISA coordination efforts and has not released a patch. Exploitation could result in complete system compromise and the ability to manipulate process control logic or disable operational safeguards.

What this means
What could happen
An attacker could extract database contents, steal credentials, or gain full administrator access to Sibylla systems, potentially allowing them to modify flow setpoints, disable alarms, or disrupt water treatment or electrical distribution operations.
Who's at risk
Water treatment facilities, municipal utilities, and any industrial organization using Alisonic Sibylla SCADA/HMI systems for process monitoring and control are affected. This includes operators of flow control systems, distribution networks, and treatment processes that depend on Sibylla for real-time operational visibility and setpoint management.
How it could be exploited
An attacker with network access to a Sibylla device exploits an SQL injection vulnerability (CWE-89) in the application to query the database directly, extract sensitive data, or elevate privileges to administrator level, without needing to authenticate first.
Prerequisites
  • Network reachability to Sibylla device on its application port
  • No authentication or valid credentials required
Tags: remotely exploitable, no authentication required, low complexity, no patch available, affects safety/operational systems, SQL injection (data exfiltration and privilege escalation)
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product              | Affected Versions | Fix Status
Sibylla (vers:all/*) | All versions      | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict network access to Sibylla devices: allow connections only from trusted engineering workstations and administrative systems using firewall rules on the OT network boundary
HARDENING: Isolate Sibylla systems from the business/corporate network using air gaps, network segmentation, or a demilitarized zone (DMZ)
HARDENING: If remote access to Sibylla is required, implement a VPN with strong authentication (multi-factor if possible) and ensure the VPN appliance is kept fully patched
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Contact Alisonic directly at +39 0362 1547580 or info@alisonic.it to determine if any security updates or patches are available, and keep all Sibylla instances updated to the latest released version
Mitigations - no patch available
Sibylla: vers:all/* has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Implement egress filtering to prevent Sibylla from initiating outbound connections to untrusted networks or the internet
API: /api/v1/advisories/ff13ac2a-110c-4c1f-acbb-f134144594d2
