
The Cyber Security News


CISA Warns for Flaws Affecting Industrial Control Systems from Major Manufacturers

January 16, 2023


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published several Industrial Control Systems (ICS) advisories warning of critical security flaws affecting products from Sewio, InHand Networks, Sauter Controls, and Siemens.

The most severe of the flaws relate to Sewio’s RTLS Studio, which could be exploited by an attacker to “get unauthorized access to the server, alter information, generate a denial-of-service condition, obtain escalated privileges, and execute arbitrary code,” according to CISA.


This includes CVE-2022-45444 (CVSS score: 10.), a case of hard-coded passwords for select users in the application’s database that potentially grant remote adversaries unrestricted access.

Also noteworthy are two command injection flaws (CVE-2022-47911 and CVE-2022-43483, CVSS scores: 9.1) and an out-of-bounds write vulnerability (CVE-2022-41989, CVSS score: 9.1) that could result in a denial-of-service condition or code execution.

The vulnerabilities affect RTLS Studio version 2.. up to and including version 2.6.2. Users are advised to update to version 3.. or later.

CISA, in a second alert, highlighted a set of five security flaws in InHand Networks InRouter 302 and InRouter 615, including CVE-2023-22600 (CVSS score: 10.), that could lead to command injection, information disclosure, and code execution.

“If properly chained, these vulnerabilities could result in an unauthorized remote user fully compromising every cloud-managed InHand Networks device reachable by the cloud,” the agency said.

All firmware versions of InRouter 302 prior to IR302 V3.5.56 and InRouter 615 before InRouter6XX-S-V2.3..r5542 are susceptible to the bugs.

Security vulnerabilities have also been disclosed in Sauter Controls Nova 220, Nova 230, Nova 106, and moduNet300 that could allow unauthorized visibility to sensitive information (CVE-2023-0053, CVSS score: 7.5) and remote code execution (CVE-2023-0052, CVSS score: 9.8).

The Swiss-based automation company, however, does not plan to release fixes for the identified issues because the product line is no longer supported.

Lastly, the security agency detailed a cross-site scripting (XSS) flaw in the Siemens Mendix SAML module (CVE-2022-46823, CVSS score: 9.3) that could allow a threat actor to gain sensitive information by tricking users into clicking a specially crafted link.

Users are advised to enable multi-factor authentication and update Mendix SAML to versions 2.3.4 (Mendix 8), 3.3.8 (Mendix 9, Upgrade Track), or 3.3.9 (Mendix 9, New Track) to mitigate potential risks.



Some elements of this article are sourced from:
thehackernews.com
