
Industrial control systems are at risk – CISA warns




Not only ordinary computers are at risk from hackers, but also industrial equipment. Attacks against such professional devices are less talked about, even though the extent of the damage caused can be huge in these cases as well.

The US Cybersecurity and Infrastructure Security Agency (CISA) published four industrial control systems (ICS) advisories in which it drew attention to several security flaws affecting Siemens, GE Digital and Contec products, The Hacker News reports.

The most critical issues were identified in Siemens’ SINEC INS system, where a path traversal flaw (CVE-2022-45092, CVSS score: 9.9) and a command injection flaw (CVE-2022-2068, CVSS score: 9.8) could lead to remote code execution. Siemens also fixed an authentication bypass vulnerability in the llhttp parser (CVE-2022-35256, CVSS score: 9.8) and an out-of-bounds write flaw in the OpenSSL library (CVE-2022-2274, CVSS score: 9.8) that could be exploited for remote code execution. The German automation company released Service Pack 2 Update 1 in December 2022 to fix the bugs.

Separately, a critical flaw was discovered in GE Digital’s Proficy Historian solution that could result in code execution regardless of authentication status. Tracked as CVE-2022-46732 (CVSS score: 9.8), the bug affects Proficy Historian versions 7.0 and later and has been fixed in Proficy Historian version 2023.

“An attacker can exploit this fact and bypass Historian authentication by pretending to be a local service. This allows remote attackers to log into any GE Proficy Historian server and force it to perform unauthorized operations,” said Uri Katz, a security researcher at industrial security company Claroty.

CISA also updated its ICS advisory published last month, which details a critical vulnerability (CVE-2022-44456, CVSS score: 10.0) in the Contec CONPROSYS HMI system that could allow a remote attacker to send specially crafted requests to run arbitrary commands. Although Contec fixed this flaw in version 3.4.5, the software has since been found to be vulnerable to four additional bugs that could lead to information disclosure and unauthorized access.

Users of the CONPROSYS HMI System are recommended to upgrade to version 3.5.0 or later and take steps to minimize network exposure and isolate such devices from business networks.

The warnings come less than a week after CISA issued 12 similar warnings about critical flaws in software from Sewio, InHand Networks, Sauter Controls and Siemens.
