Industrial Control Systems Vulnerabilities and The Security Bulldog
Millions of industrial control systems around the world are vulnerable to critical cyberattacks that could result in massive blackouts, according to a new report. The report, released by CISA, identified three industrial control system software vulnerabilities that hackers could exploit.
These vulnerabilities can potentially cause significant damage not only to the systems themselves but also to the economies they support. Cybersecurity experts say it is urgent for companies and governments to address these vulnerabilities before hackers can exploit them.
Read more here: https://thehackernews.com/2022/11/cisa-warns-of-critical-vulnerabilities.html
Industrial control systems are used to manage and monitor industrial processes. They are critical to the functioning of many industries, including power generation, oil and gas production, and manufacturing. The three vulnerabilities identified in the CISA report could be exploited to gain control of these systems and cause them to malfunction.
This includes CVE-2022-3703 (CVSS score: 9.0), a critical flaw that stems from the RAS web portal's inability to verify the authenticity of firmware, thereby making it possible to slip in a rogue package that grants backdoor access to the adversary.
Two other flaws relate to a directory traversal bug in the RAS API (CVE-2022-41607, CVSS score: 8.6) and a file upload issue (CVE-2022-40981, CVSS score: 8.3) that can be exploited to read arbitrary files and upload malicious files that can compromise the device.
All of these flaws can be exploited remotely without the need for authentication. An attacker could gain control of a system simply by sending a malicious email or connecting to an infected website.
The CISA report comes just weeks after the US government warned that Russian hackers had compromised dozens of American utilities, including some nuclear power plants.
Set up your account, and we'll filter billions of documents for you to locate these CVEs and the cyber content more similar to them. Finding out about breaches like this as fast as possible is the key to speedy remediation. https://securitybulldog.com/sign-up/
Responses