Security News > 2020 > December > Critical Flaws in Kepware Products Can Facilitate Attacks on Industrial Firms

Several critical vulnerabilities have been found by researchers in products from PTC-owned industrial automation solutions provider Kepware.
The U.S. Cybersecurity and Infrastructure Security Agency last week published two advisories describing vulnerabilities identified in Kepware products.
The second advisory released last week by CISA describes one critical vulnerability found by a Cisco Talos researcher in Kepware LinkMaster, which is designed for exchanging data between OPC DA servers.
"The vulnerabilities were raised and addressed through PTC's Coordinated Vulnerability Disclosure program - an important piece of our product security strategy. We appreciate our partnership with security research firms like Claroty and Cisco Talos and their willingness to work with PTC through the CVD program. Working with CISA provides a vehicle for the disclosure of vulnerabilities in a responsible way," PTC said in an emailed statement.