CISA Warns of Flaws Affecting Industrial Control Systems from Major Manufacturers
2023-01-16 10:47

The U.S. Cybersecurity and Infrastructure Security Agency has released several Industrial Control Systems advisories warning of critical security flaws affecting products from Sewio, InHand Networks, Sauter Controls, and Siemens.

The most severe of the flaws affect Sewio's RTLS Studio and could be exploited by an attacker to "obtain unauthorized access to the server, alter information, create a denial-of-service condition, gain escalated privileges, and execute arbitrary code," according to CISA. This includes CVE-2022-45444, a case of hard-coded passwords for select users in the application's database that potentially grant remote adversaries unrestricted access.

Also notable are two command injection flaws and an out-of-bounds write vulnerability that could result in a denial-of-service condition or code execution.

The vulnerabilities impact RTLS Studio version 2.0.0 up to and including version 2.6.2.

CISA, in a second alert, highlighted a set of five security defects in InHand Networks InRouter 302 and InRouter 615, including CVE-2023-22600, that could lead to command injection, information disclosure, and code execution.

Security vulnerabilities have also been disclosed in Sauter Controls Nova 220, Nova 230, Nova 106, and moduNet300 that could allow unauthorized visibility into sensitive information and remote code execution.


News URL

https://thehackernews.com/2023/01/cisa-warns-for-flaws-affecting.html

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK

2023-01-18 | CVE-2022-45444 | Use of Hard-coded Credentials vulnerability in Sewio Real-Time Location System Studio | critical, 9.8
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 contains hard-coded passwords for select users in the application’s database.
network, low complexity, sewio, CWE-798

2023-01-12 | CVE-2023-22600 | Unspecified vulnerability in Inhandnetworks Inrouter302 Firmware and Inrouter615-S Firmware | 8.1
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control.
network, high complexity, inhandnetworks