Skip to main content

CISA added Twelve Industrial Control Systems Advisories affecting Major Manufacturers


CISA (Cybersecurity & Infrastructure Security Agency) released many advisories related to Industrial Control Systems affecting many manufacturers including Sewio, Ronds,  InHand, Panasonic, Siemens, and Philips.

Lets have a quick look of affetectd product line

Sewio’s RTLS Studio version 2.0.0 up to and including version 2.6.2 

Successful exploitation of these vulnerabilities could allow an attacker to obtain unauthorized access to the server, alter information, create a denial-of-service condition, gain escalated privileges, and execute arbitrary code.

CVE-2022-45444, CVE-2022-47911, CVE-2022-43483, CVE-2022-41989, CVE-2022-45127, CVE-2022-47395, CVE-2022-47917, CVE-2022-46733, CVE-2022-43455 has been assigned to this vulnerability.


RONDS Equipment Predictive Maintenance Solution v1.19.5
Successful exploitation of these vulnerabilities could allow an unauthorized user to leak login credentials and download files. In some circumstances, an unauthorized user can use login credentials to achieve remote code execution.
CVE-2022-3091, CVE-2022-2893 has been assigned to this vulnerability.
 

InHand Networks InRouter 302: All versions prior to IR302 V3.5.56 and InHand Networks InRouter 615: All versions prior to InRouter6XX-S-V2.3.0.r5542
Successful exploitation of these vulnerabilities could allow a message queuing telemetry transport (MQTT) command injection, unauthorized disclosure of sensitive device information, and remote code execution. If properly chained, these vulnerabilities could result in an unauthorized remote user fully compromising every cloud-managed InHand Networks device reachable by the cloud.
CVE-2023-22597, CVE-2023-22598, CVE-2023-22599, CVE-2023-22600, CVE-2023-22601 has been assigned to this vulnerability.


Panasonic Sanyo CCTV Network Camera VCC-HD5600P version 2.03-06, VDC-HD3300P version 2.03-08, VDC-HD3300P version 1.02-05, VCC-HD3300 version 2.03-02, VDC-HD3100P version 2.03-00, VCC-HD2100P version 2.03-02
Successful exploitation of this vulnerability could allow attackers to perform actions via HTTP without validity checks.
CVE-2022-4621 has been assigned to this vulnerability.


SAUTER Controls Nova 220 , Nova 230, Nova 106, moduNet300
Successful exploitation of these vulnerabilities could allow unauthorized visibility to sensitive information and remote code execution.
CVE-2023-0052, CVE-2023-0053 has been assigned to this vulnerability.


Johnson Controls Metasys ADS/ADX/OAS Version 10.X: All versions prior to 10.1.6  and Metasys ADS/ADX/OAS Version 11.X: All versions prior to 11.0.3
Successful exploitation of this vulnerability could result in exposed credentials in plain text to unauthenticated users.
CVE-2021-36204 has been assigned to this vulnerability.


Hitachi Energy Lumada APM – SaaS: Versions 6.0.0.0 to 6.4.220601.0 and Lumada APM – On Premises: Versions 6.0.0.0.0 to 6.4.0
Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to any Power BI reports installed or manipulate asset issue comments on assets.
CVE-2022-2155 has been assigned to this vulnerability.


Siemens S7-1500 CPU devices, Siemens Mendix SAML Module, Siemens Automation License Manager and Siemens Solid Edge before V2023 MP1
Successful exploitation of this vulnerability could allow an attacker with physical access to the device to replace the boot image of the device and execute arbitrary code, gain sensitive information by tricking users into accessing a malicious link, modify and rename license files, extract licenses, and overwrite arbitrary files on the target system, potentially leading to privilege escalation and remote code execution, execute code while parsing files in different formats.
CVE-2022-38773, CVE-2022-46823, CVE-2022-43513, CVE-2022-43514, CVE-2022-47967 has been assigned to this vulnerability.


Philips Patient Information Center iX (PIC iX) and Efficia CM Series (Update A)
Successful exploitation of these vulnerabilities may allow an attacker unauthorized access to data (including patient data) and create a denial of service resulting in temporary interruption of viewing physiological data at the central station. Exploitation does not enable modification or change to point-of-care devices.
CVE-2021-43548, CVE-2021-43552, CVE-2021-43550 has been assigned to this vulnerability.

Comments

Popular posts from this blog

Unleashing Chaos: Craxs Rat Update V5 Introduces Terrifying New Features

The notorious Craxs Rat malware has recently unleashed its latest version, Update V5, introducing a range of new features and enhancements. This update further strengthens the capabilities of Craxs Rat, posing an increased threat to individuals and organizations alike. In this article, we delve into the details of the updated features of Craxs Rat V5, shedding light on its improved functionality and potential impact on cybersecurity.

Prilex: The Most Advanced PoS Malware with the Ability to Block Contactless Payments

Prilex is a highly advanced malware that has evolved from ATM-focused malware into a unique modular PoS malware, known to be the most advanced PoS threat seen so far. It has a unique cryptographic scheme, performs real-time patching in target software, forces protocol downgrades, manipulates cryptograms, performs GHOST transactions and performs credit card fraud. Recently, three new versions of Prilex have been discovered with the ability to block contactless payment transactions, which have become popular due to the pandemic. These new versions block NFC-based transactions and force victims to use their physical card by inserting it into the PIN pad reader, which allows the malware to capture the data coming from the transaction.

BlackLotus UEFI Bootkit: A New Threat to Windows Security

In March 2023, security researchers from ESET announced the discovery of a new UEFI bootkit called BlackLotus . This bootkit is capable of bypassing UEFI Secure Boot, a security feature that is designed to prevent malware from infecting a computer's firmware. Once BlackLotus is installed, it can give an attacker complete control over the computer, including the ability to steal data, install other malware, and disrupt the computer's operation. BlackLotus is a sophisticated piece of malware that is difficult to detect and remove. It is also relatively new, so there is limited information about how it works. However, ESET researchers have been able to learn a lot about BlackLotus, and they have published a detailed analysis of the malware.