The Cyber Security News

CISA Warns of Critical Vulnerabilities in 3 Industrial Control System Software

November 4, 2022

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released three Industrial Control Systems (ICS) advisories about multiple vulnerabilities in software from ETIC Telecom, Nokia, and Delta Industrial Automation.

Prominent among them is a set of three flaws affecting ETIC Telecom’s Remote Access Server (RAS), which “could permit an attacker to attain delicate info and compromise the susceptible unit and other connected machines,” CISA said.

This includes CVE-2022-3703 (CVSS score: 9.), a critical flaw that stems from the RAS web portal’s inability to validate the authenticity of firmware, thereby making it possible to slip in a rogue package that grants backdoor access to the adversary.

Two other flaws relate to a directory traversal bug in the RAS API (CVE-2022-41607, CVSS score: 8.6) and a file upload issue (CVE-2022-40981, CVSS score: 8.3) that can be exploited to read arbitrary files and upload malicious files that can compromise the device.

Israeli industrial cybersecurity company OTORIO has been credited with discovering and reporting the flaws. All versions of ETIC Telecom RAS 4.5. and prior are vulnerable, with the issues addressed by the French company in version 4.7.3.

The second advisory from CISA concerns three flaws in Nokia’s ASIK AirScale 5G Common System Module (CVE-2022-2482, CVE-2022-2483, and CVE-2022-2484), which could pave the way for arbitrary code execution and stoppage of secure boot functionality. All the flaws are rated 8.4 on the CVSS severity scale.

“Productive exploitation of these vulnerabilities could outcome in the execution of a malicious kernel, managing of arbitrary malicious courses, or managing of modified Nokia packages,” CISA observed.

The Finnish telecom giant is said to have published mitigation instructions for the flaws that affect ASIK versions 474021A.101 and ASIK 474021A.102. The agency is recommending that users contact Nokia immediately for further information.

Finally, the cybersecurity authority has also warned of a path traversal vulnerability (CVE-2022-2969, CVSS score: 8.1) that affects Delta Industrial Automation’s DIALink products and could be leveraged to plant malicious code on targeted appliances.

The shortcoming has been addressed in version 1.5.. Beta 4, which CISA said can be obtained by reaching out to Delta Industrial Automation directly or through Delta field application engineers (FAEs).

Some parts of this article are sourced from:
thehackernews.com

Copyright © TheCyberSecurity.News, All Rights Reserved.