• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
cisa warns of high severity flaws in schneider and ge digital's

CISA Warns of High-Severity Flaws in Schneider and GE Digital’s SCADA Software

You are here: Home / General Cyber Security News / CISA Warns of High-Severity Flaws in Schneider and GE Digital’s SCADA Software
February 28, 2022

The U.S. Cybersecurity and Infrastructure Security Company (CISA) very last 7 days posted an industrial handle procedure (ICS) advisory relevant to numerous vulnerabilities impacting Schneider Electric’s Easergy medium voltage protection relays.

“Thriving exploitation of these vulnerabilities could disclose gadget qualifications, lead to a denial-of-support affliction, device reboot, or allow an attacker to achieve entire command of the relay,” the company reported in a bulletin on February 24, 2022. “This could result in loss of defense to your electrical network.”

Automatic GitHub Backups

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


The two large-severity weaknesses affect Easergy P3 variations prior to v30.205 and Easergy P5 versions ahead of v01.401.101. Facts of the flaws are as follows –

  • CVE-2022-22722 (CVSS score: 7.5) – Use of hardcoded qualifications that could be abused to notice and manipulate website traffic connected with the gadget.
  • CVE-2022-22723 and CVE-2022-22725 (CVSS rating: 8.8) – A buffer overflow vulnerability that could result in method crashes and execution of arbitrary code by sending specially crafted packets to the relay above the network.

The flaws, which have been found out and described by researchers Timothée Chauvin, Paul Noalhyt, Yuanshe Wu at Red Balloon Security, had been addressed by Schneider Electric powered as aspect of updates pushed on January 11, 2022.

The advisory arrives a lot less than 10 days immediately after CISA issued one more alert warning of a number of critical vulnerabilities in Schneider Electric’s Interactive Graphical SCADA Procedure (IGSS) that, if productively exploited, could consequence in “disclosure of info and reduction of control of the SCADA procedure with IGSS operating in generation manner.”

Prevent Data Breaches

In connected news, the U.S. federal company also sounded the alarm relevant to Basic Electric’s Proficy CIMPLICITY SCADA software package, warning of two security vulnerabilities that could be abused to expose sensitive info, obtain code execution, and community privilege escalation.

The advisories stick to a Year In Evaluation report from industrial cybersecurity enterprise Dragos, which uncovered that 24% of the overall 1,703 ICS/OT vulnerabilities noted in 2021 experienced no patches available, out of which 19% experienced no mitigation, preventing operators from getting any measures to safeguard their systems from potential threats.

Moreover, Dragos discovered malicious exercise from a few new groups that were being identified concentrating on ICS methods last calendar year, such as from that of actors it tracks as Kostovite, Erythrite, and Petrovite, just about every of which focused the OT environments of renewable vitality, electrical utility, and mining and power corporations found in Canada, Kazakhstan, and the U.S.

Uncovered this write-up attention-grabbing? Follow THN on Facebook, Twitter  and LinkedIn to browse a lot more exclusive material we publish.


Some elements of this report are sourced from:
thehackernews.com

Previous Post: «Cyber Security News Nvidia Appears to Brush Off Ransomware Attack
Next Post: Conti Group Suffers Massive Data Breach Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Enzo Biochem Hit by Ransomware, 2.5 Million Patients’ Data Compromised
  • US and Korean Agencies Issue Warning on North Korean Cyber-Attacks
  • Malicious PyPI Packages Use Compiled Python Code to Bypass Detection
  • New Botnet Malware ‘Horabot’ Targets Spanish-Speaking Users in Latin America
  • The Importance of Managing Your Data Security Posture
  • Camaro Dragon Strikes with New TinyNote Backdoor for Intelligence Gathering
  • Insurers Predict $33bn Bill for Catastrophic “Cyber Event”
  • Chinese Phishing Gang “PostalFurious” Expands Campaign
  • Kaspersky Says it is Being Targeted By Zero-Click Exploits
  • North Korea’s Kimsuky Group Mimics Key Figures in Targeted Cyber Attacks

Copyright © TheCyberSecurity.News, All Rights Reserved.