
CISA Warns for Flaws Affecting Industrial Control Systems from Major Manufacturers

Jan 16, 2023Ravie LakshmananIndustrial Control Systems


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released several Industrial Control Systems (ICS) advisories warning of critical security flaws affecting products from Sewio, InHand Networks, Sauter Controls, and Siemens.

The most severe of the flaws relate to Sewio’s RTLS Studio, which could be exploited by an attacker to “obtain unauthorized access to the server, alter information, create a denial-of-service condition, gain escalated privileges, and execute arbitrary code,” according to CISA.

This includes CVE-2022-45444 (CVSS score: 10.0), the use of hard-coded passwords for select users in the application's database, which could grant remote adversaries unrestricted access.

Also notable are two command injection flaws (CVE-2022-47911 and CVE-2022-43483, CVSS scores: 9.1) and an out-of-bounds write vulnerability (CVE-2022-41989, CVSS score: 9.1) that could result in a denial-of-service condition or code execution.

The vulnerabilities impact RTLS Studio version 2.0.0 up to and including version 2.6.2. Users are recommended to update to version 3.0.0 or later.

CISA, in a second alert, highlighted a set of five security defects in InHand Networks InRouter 302 and InRouter 615, including CVE-2023-22600 (CVSS score: 10.0), that could lead to command injection, information disclosure, and code execution.

“If properly chained, these vulnerabilities could result in an unauthorized remote user fully compromising every cloud-managed InHand Networks device reachable by the cloud,” the agency said.

All firmware versions of InRouter 302 prior to IR302 V3.5.56 and of InRouter 615 prior to InRouter6XX-S-V2.3.0.r5542 are affected.

Security vulnerabilities have also been disclosed in Sauter Controls Nova 220, Nova 230, Nova 106, and moduNet300 that could allow unauthorized access to sensitive information (CVE-2023-0053, CVSS score: 7.5) and remote code execution (CVE-2023-0052, CVSS score: 9.8).

The Swiss automation company, however, does not plan to release fixes for the identified issues because the product line is no longer supported.

Lastly, the security agency detailed a cross-site scripting (XSS) flaw in the Siemens Mendix SAML module (CVE-2022-46823, CVSS score: 9.3) that could permit a threat actor to obtain sensitive information by tricking users into clicking a specially crafted link.

Users are advised to enable multi-factor authentication and update Mendix SAML to versions 2.3.4 (Mendix 8), 3.3.8 (Mendix 9, Upgrade Track), or 3.3.9 (Mendix 9, New Track) to mitigate potential risks.
