• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
3 new vulnerabilities affect ot products from german festo and

3 New Vulnerabilities Affect OT Products from German Festo and CODESYS Companies

You are here: Home / General Cyber Security News / 3 New Vulnerabilities Affect OT Products from German Festo and CODESYS Companies
November 30, 2022

Researchers have disclosed information of three new security vulnerabilities influencing operational technology (OT) goods from CODESYS and Festo that could guide to supply code tampering and denial-of-services (DoS).

The vulnerabilities, noted by Forescout Vedere Labs, are the latest in a lengthy list of flaws collectively tracked under the name OT:ICEFALL.

“These issues exemplify both an insecure-by-structure approach — which was regular at the time the products and solutions ended up released – wherever brands consist of risky features that can be accessed with no authentication or a subpar implementation of security controls, these as cryptography,” the scientists reported.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


CyberSecurity

The most critical of the flaws is CVE-2022-3270 (CVSS rating: 9.8), a critical vulnerability that influences Festo automation controllers using the Festo Generic Multicast (FGMC) protocol to reboot the gadgets devoid of necessitating any authentication and bring about a denial of company (DoS) problem.

An additional DoS shortcoming in Festo controllers (CVE-2022-3079, CVSS rating: 7.5) relates to a case of unauthenticated, distant access to an undocumented web webpage (“cec-reboot.php”) that could be exploited by an attacker with network entry to Festo CPX-CEC-C1 and CPX-CMXX PLCs.

OT vulnerabilities

The third issue, on the other hand, considerations the use of weak cryptography in the CODESYS V3 runtime environment to safe download code and boot purposes (CVE-2022-4048, CVSS rating: 7.7), which could be abused by a undesirable actor to decrypt and manipulate the source code, thus undermining confidentiality and integrity protections.

Forescout stated it also recognized two known CODESYS bugs impacting Festo CPX-CEC-C1 controllers (CVE-2022-31806 and CVE-2022-22515) that stem from an unsafe configuration in the Management runtime natural environment, and could lead to a denial-of-service sans authentication.

“This is however a different illustration of a supply chain issue where a vulnerability has not been disclosed for all the solutions it affects,” the researchers reported.

To mitigate likely threats, businesses are proposed to find out and stock susceptible gadgets, implement appropriate network segmentation controls, and keep an eye on network website traffic for anomalous action.

Located this post intriguing? Observe THN on Fb, Twitter  and LinkedIn to study extra unique material we write-up.


Some sections of this posting are sourced from:
thehackernews.com

Previous Post: «chinese cyber espionage hackers using usb devices to target entities Chinese Cyber Espionage Hackers Using USB Devices to Target Entities in Philippines
Next Post: Australia Passes Bill to Fine Companies up to $50 Million for Data Breaches australia passes bill to fine companies up to $50 million»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Cybercriminals Using New ASMCrypt Malware Loader Flying Under the Radar
  • Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm
  • Post-Quantum Cryptography: Finally Real in Consumer Apps?
  • Microsoft’s AI-Powered Bing Chat Ads May Lead Users to Malware-Distributing Sites
  • Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server
  • Cisco Warns of Vulnerability in IOS and IOS XE Software After Exploitation Attempts
  • GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions
  • China’s BlackTech Hacking Group Exploited Routers to Target U.S. and Japanese Companies
  • The Dark Side of Browser Isolation – and the Next Generation Browser Security Technologies
  • China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies

Copyright © TheCyberSecurity.News, All Rights Reserved.