Multiple Industrial Control System Vendors Warn of Critical Bugs

2020-11-17 22:38

Industrial control system firms Real Time Automation and Paradox both warned of critical vulnerabilities Tuesday that opened systems up to remote attacks by adversaries.

RTA, which describes itself as providing industrial control systems for manufacturing and building automation, posted information regarding the vulnerability on Oct. 27.

According to Paradox, the impacted IP150 Internet Module is a "LAN based communication module that enables you to control and monitor your Paradox security system over a LAN or the internet through any web browser."

In lieu of patches Paradox offered a number of mitigation recommendations including ensuring the least-privilege user principle is adhered to and "Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the internet."

Schneider reported nine high-severity bugs in its Interactive Graphical SCADA System.

News URL

https://threatpost.com/ics-vendors-warn-critical-bugs/161333/

#critical #vendors