CISA Warns of Critical Vulnerabilities in 3 Industrial Control System Software

The U.S. Cybersecurity and Infrastructure Security Agency has published three Industrial Control Systems advisories about multiple vulnerabilities in software from ETIC Telecom, Nokia, and Delta Industrial Automation.
Prominent among them is a set of three flaws affecting ETIC Telecom's Remote Access Server, which "could allow an attacker to obtain sensitive information and compromise the vulnerable device and other connected machines," CISA said.
Israeli industrial cybersecurity firm OTORIO has been credited with discovering and reporting the flaws.
The second advisory from CISA concerns three flaws in Nokia's ASIK AirScale 5G Common System Module, which could pave the way for arbitrary code execution and stoppage of secure boot functionality.
"Successful exploitation of these vulnerabilities could result in the execution of a malicious kernel, running of arbitrary malicious programs, or running of modified Nokia programs," CISA noted.
The shortcoming in the Delta Industrial Automation software has been addressed in version 1.5.0.0 Beta 4, which CISA said can be obtained by reaching out to Delta Industrial Automation directly or via Delta field application engineering.
News URL
https://thehackernews.com/2022/11/cisa-warns-of-critical-vulnerabilities.html