• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
cisa warns of critical flaws affecting industrial appliances from advantech

CISA Warns of Critical Flaws Affecting Industrial Appliances from Advantech and Hitachi

You are here: Home / General Cyber Security News / CISA Warns of Critical Flaws Affecting Industrial Appliances from Advantech and Hitachi
October 19, 2022

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday launched two Industrial Management Programs (ICS) advisories pertaining to intense flaws in Advantech R-SeeNet and Hitachi Power APM Edge appliances.

This is made up of three weaknesses in the R-SeeNet checking answer, productive exploitation of which “could outcome in an unauthorized attacker remotely deleting files on the procedure or enabling remote code execution.”

CyberSecurity

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


The list of issues, which have an impact on R-SeeNet Variations 2.4.17 and prior, is as follows –

  • CVE-2022-3385 and CVE-2022-3386 (CVSS scores: 9.8) – Two stack-dependent buffer overflow flaws that could direct to remote code execution
  • CVE-2022-3387 (CVSS score: 6.5) – A path traversal flaw that could allow a distant attacker to delete arbitrary PDF files

Patches have been manufactured accessible in version R-SeeNet model 2.4.21 unveiled on September 30, 2022.

Also published by CISA is an update to a December 2021 advisory about several flaws in Hitachi Strength Transformer Asset Efficiency Management (APM) Edge products that could render them inaccessible.

The 29 vulnerabilities, collectively assigned a CVSS rating of 8.2, stem from security holes in open source computer software factors this kind of as OpenSSL, LibSSL, libxml2, and GRUB2 bootloader. End users are advised to update to APM Edge edition 4. to remediate the bugs.

CyberSecurity

The twin alerts come less than a 7 days right after CISA posted 25 ICS advisories on October 13, 2022, spanning quite a few vulnerabilities throughout products from Siemens, Hitachi Electricity, and Mitsubishi Electric.

According to OT cybersecurity and asset checking business SynSaber, 681 ICS merchandise vulnerabilities ended up reported through CISA in the initially fifty percent of 2022, out of which 152 are rated Critical, 289 are rated High, and 2015 are rated Medium in Severity.

What is more, 54 of the Critical/Higher-rated CVEs have no patch or any mitigation readily available from the suppliers, accounting for 13% of the whole reported flaws and remaining “permanently-working day vulnerabilities.”

“It’s crucial for asset proprietors and all those defending critical infrastructure to realize when remediations are available, and how those people remediations need to be implemented and prioritized,” SynSaber explained.

Found this article exciting? Observe THN on Facebook, Twitter  and LinkedIn to read additional exclusive content we write-up.


Some pieces of this posting are sourced from:
thehackernews.com

Previous Post: «Cyber Security News Software Supply Chain Attacks Soar 742% in Three Years
Next Post: Deadbolt Ransomware Extorts Vendors and Customers Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Cybercriminals Using New ASMCrypt Malware Loader Flying Under the Radar
  • Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm
  • Post-Quantum Cryptography: Finally Real in Consumer Apps?
  • Microsoft’s AI-Powered Bing Chat Ads May Lead Users to Malware-Distributing Sites
  • Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server
  • Cisco Warns of Vulnerability in IOS and IOS XE Software After Exploitation Attempts
  • GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions
  • China’s BlackTech Hacking Group Exploited Routers to Target U.S. and Japanese Companies
  • The Dark Side of Browser Isolation – and the Next Generation Browser Security Technologies
  • China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies

Copyright © TheCyberSecurity.News, All Rights Reserved.