Security News > 2022 > October > CISA warns of security holes in industrial Advantech, Hitachi kit

CISA warns of security holes in industrial Advantech, Hitachi kit
2022-10-20 00:35

The latest warnings flag up severe flaws in products from Advantech and Hitachi Energy, which serve both consumer and commercial markets.

The twin advisories include alerts about security holes in Advantech's R-SeeNet that can be exploited by remote attackers to take control of this industrial network router monitoring software or to delete PDF files from the system.

Appliances running the R-SeeNet software are used in such industrial sectors as manufacturing, energy, water, and wastewater, according to CISA. Advantech recommends organizations update their R-SeeNet software to version 2.4.21 or later, while CISA advises they minimize the exposure of the appliances - as with all control system devices - to the public internet.

The advisory regarding Hitachi Energy's Transformer Asset Performance Management Edge appliances is an update to an alert issued December 2, 2021 about 29 flaws impacting versions 1.0, 2.0, and 3.0.

"Hitachi Energy is aware of public reports of this vulnerability in the following open source software components: OpenSSL, LibSSL, libxml2 and GRUB2 bootloader," CISA wrote in its alert.

The alerts about Advantech and Hitachi Energy come a week after CISA issued advisories about vulnerabilities in 25 ICS products from Siemens, Hitachi, and Mitsubishi Electric, and a month after similar alerts about eight such systems.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/10/20/cisa_flaws_advantech_hitachi/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Advantech 27 0 60 108 77 245
Hitachi 56 1 38 43 6 88