< ciso
brief />
Tag Banner

All news with #ics security tag

143 articles

UK updates National Risk Register with cyber scenarios

πŸ”’ The UK government has expanded its National Risk Register to include several new cyber-related scenarios affecting digital infrastructure, water systems, policing, and a potential large-scale IT outage. The July 14 update also adds a section on interference in democratic processes, covering attacks on election infrastructure and online information operations. Likelihoods are generally assessed as low but impacts range from moderate to catastrophic, prompting plans for a national resilience campaign to boost household preparedness.
read more β†’

Six U-Boot Vulnerabilities Enable Stealthy Firmware Attacks

πŸ”’ Binarly disclosed six vulnerabilities in the widely used U-Boot bootloader's FIT signature verification that can lead to crashes or arbitrary code execution during device boot. These flaws, present in code dating back to U-Boot 2013.07, potentially affect many releases and vendor forks across BMCs, networking gear, industrial systems, and IoT devices. While patches have been accepted upstream, vendor firmware updates are required to protect devices, and unsupported hardware may remain vulnerable.
read more β†’

AzeoTech DAQFactory Type Confusion Advisory

πŸ”’ AzeoTech DAQFactory versions 21.1 and earlier contain a Type Confusion vulnerability that can be triggered by specially crafted .ctl files, potentially enabling arbitrary code execution. Users are advised to avoid opening documents from untrusted sources, store .ctl files in admin-only writable folders, operate in Safe Mode, and apply document editing passwords. CISA notes no known public exploitation and emphasizes network exposure minimization for control systems.
read more β†’

Schneider Electric Products: Insufficient Entropy Fixes

πŸ”’ Schneider Electric has identified a CWE-331 Insufficient Entropy vulnerability affecting multiple Easergy, EcoStruxure, PowerLogic, and Saitel products that could enable unauthorized access or session compromise. Vendor-supplied fixes and firmware updates are available for numerous models and versions; several updates require a reboot. For models without immediate fixes, Schneider recommends network segmentation and reduced session timeouts as mitigations, and provides general cybersecurity best practices.
read more β†’

Mitsubishi MELSEC iQ-F EtherNet/IP DoS Fix

πŸ”’ An integer overflow in the EtherNet/IP function of Mitsubishi Electric MELSEC iQ-F Series FX5-EIP modules can be exploited remotely to cause a denial-of-service by rapidly opening many TCP connections, leading to improper memory access. A vendor update (version 1.001 or later) is available from Mitsubishi Electric to remediate the issue. Until patched, the vendor recommends network restrictions such as firewalls, VPNs, IP filtering, LAN-only operation, and limiting physical and host access to reduce exposure.
read more β†’

MELSEC iQ-F FX5-ENET/IP Denial-of-Service Risk

πŸ›‘οΈ Mitsubishi Electric reports an Expected Behavior Violation in the MELSEC iQ-F Series FX5-ENET/IP Ethernet Module that can be exploited to cause a denial-of-service by flooding the device's Ethernet port with packets. No patch is planned; vendors recommend network-level mitigations such as firewalls, VPNs, IP filtering, and restricting physical and network access to reduce exploitation risk.
read more β†’

Path Traversal Vulnerability in Schneider Electric RTUs

πŸ”’ Schneider Electric EasyLogic T150 and Saitel DP devices contain a CWE-22 Path Traversal vulnerability that can allow unauthorized access to sensitive files when server-side file path processing mishandles user input. Affected firmware versions include EasyLogic T150 <=11.06.31 and Saitel DP <=11.06.36. Remediations include firmware updates to 11.06.32 for EasyLogic T150 and 11.06.37 for Saitel DP; contact Schneider Electric Customer Care to obtain downloads and reboot devices after installing. CISA recommends network isolation, strict credential controls, and defensive measures for ICS devices.
read more β†’

Multiple authentication and crash issues in industrial historian

πŸ”’ Rockwell Automation's FactoryTalk Historian Site Edition and related AVEVA PI Data Archive components contain vulnerabilities that can allow authentication bypass, denial of service, or crashes. Race conditions (CWE-362) and uncaught exceptions (CWE-248) are cited; repeated login requests may yield valid tokens. Vendors provide mitigations and patches; CISA urges network segmentation, restricted access, and defensive best practices.
read more β†’

Protecting Legacy OT Systems From Modern Threats

πŸ”’ Manufacturing facilities often rely on long-running operational technology (OT) that was built for stability, not security. As IT and OT converge, previously isolated systems face increased exposure to internet-borne attacks, ransomware, and supply-chain disruption. Effective defenses start with asset visibility, careful deployment choices, network protections for agentless devices, and long-term vendor support to mitigate risks without disrupting production.
read more β†’

PavilionX Missing Authorization Vulnerability Adviso

πŸ”’ A security issue was identified in Rockwell Automation FactoryTalk Analytics PavilionX due to improper authorization enforcement in API endpoints, allowing unauthorized actors to perform privileged operations such as user and role management. Rockwell Automation recommends updating PavilionX to version 7.01 or later. CISA advises minimizing network exposure of control system devices, isolating them behind firewalls, and using secure remote access methods while performing impact analysis before defensive changes.
read more β†’

Rockwell FLEX I/O EtherNet/IP Adapter Flaws Fixed

πŸ”’ Rockwell Automation FLEX I/O EtherNet/IP adapters (1794-AENTR) contain vulnerabilities that could enable unauthorized access, account takeover, and denial-of-service. A memory-handling flaw in CIP request processing may cause adapter faults and loss of I/O connectivity, while an embedded web server issue allows unauthenticated password changes via a crafted HTTP GET. Rockwell recommends updating to firmware 2.013 to remediate these issues.
read more β†’

Rockwell CompactLogix CIP Sequence and Info Leak

πŸ”’ A security advisory details vulnerabilities in Rockwell Automation CompactLogix 1769 controllers where missing validation of CIP sequence numbers and source IPs and exposure of CIP Connection IDs on the device web diagnostics page can be abused to trigger denial-of-service conditions. Rockwell recommends updating affected devices to firmware V38.011 and refers users to advisory SD1776 for mitigation steps. CISA advises minimizing network exposure, placing control systems behind firewalls, using secure remote access like VPNs, and following standard ICS defensive practices and reporting procedures.
read more β†’

Rockwell Logix 5370/5570 CIP Denial-of-Service Fixes

πŸ›‘οΈ A denial-of-service vulnerability in Rockwell Automation Logix 5370 and 5570 controllers can cause a major nonrecoverable fault (MNRF) when a crafted CIP message is processed, with devices having less memory at greater risk. Rockwell advises updating to specific firmware versions: CompactLogix 5370 (34.016+), Compact GuardLogix 5370 (35.015+), ControlLogix 5570 (36.012+), and GuardLogix 5570 (37.011+). CISA recommends minimizing network exposure, isolating control networks behind firewalls, using secure remote access methods such as VPNs, and following ICS defensive best practices to reduce exploitation risk.
read more β†’

RSLinx Classic vulnerability advisory and mitigations

πŸ”’ This advisory describes a stack-based buffer overflow and an out-of-bounds read in Rockwell Automation RSLinx Classic Third-Party components that can cause denial of service or enable remote code execution. Rockwell recommends upgrading to version 4.60.00 or later or applying patch BF31213 where upgrades are not possible. CISA urges minimizing network exposure, isolating control systems behind firewalls, and using secure remote access methods such as updated VPNs while performing impact analysis and risk assessments.
read more β†’

KACO Blueplanet Inverters: Credential and SQL Injection Risk

πŸ”’ KACO blueplanet inverters contain vulnerabilities that can expose service credentials and allow SQL injection against management components. Siemens and KACO new energy have released updates for some models and recommend updating to the latest firmware where fixes exist. Operators should minimize network exposure, segment control networks, and apply vendor security updates after validation and supervised deployment.
read more β†’

EcoStruxure Panel Server insecure default credentials

πŸ”’ Schneider Electric disclosed a CWE-1188 vulnerability in EcoStruxure Panel Server products that may cause credentials to revert to insecure defaults in rare circumstances, permitting unauthorized authentication and disclosure of sensitive information. A vendor firmware update (version 002.006.000) is available for affected PAS400/PAS600/PAS800 and V2 variants and requires a reboot. Users are advised to apply the update and follow recommended ICS segmentation and hardening best practices.
read more β†’

RADIUS Message Integrity Flaw in Modicon Switches

πŸ”’ Schneider Electric disclosed a RADIUS protocol vulnerability (CVE-2024-3596) affecting Modicon Network Managed Switches when the RADIUS Server Message Authenticator option is disabled. The flaw can allow forged RADIUS responses, potentially causing denial of service and loss of confidentiality or integrity for devices connected to the switch. Default configurations are not vulnerable; vendors provide CLI and MIB guidance to ensure msgauth remains enabled. CISA republished the advisory to increase visibility and recommends standard ICS network hardening practices.
read more β†’

Malware threats imperil automated tank gauges

πŸ”’ CISA warns that ongoing cyber-attacks on automated tank gauges (ATGs) could allow attackers to drain fuel tanks or hide theft and leaks, affecting gas stations, military bases, hospitals, and industrial sites. The attacks exploit authentication bypasses, hardcoded credentials, OS command execution, SQL injection, and privilege escalation to gain full control. Administrators are urged to remove public serial connections, change default passwords, apply patches, report incidents to CISA, and push supply-chain partners to adopt defenses.
read more β†’

Hitachi Energy RTU500: Multiple Denial‑of‑Service Flaws

πŸ”’ Hitachi Energy has disclosed multiple vulnerabilities affecting RTU500 devices that primarily enable Denial of Service, with potential secondary impacts to confidentiality and integrity. Affected components include PKCS#12 handling, libexpat, and IEC protocol implementations, with issues such as NULL pointer dereferences, integer overflows, and infinite loops. Vendor fixes are available in CMU Firmware versions 13.7.9/13.8.2 (13.7.9 when available), and CISA recommends minimizing network exposure and applying vendor updates and standard mitigations.
read more β†’

B&R PPT30 OPC‑UA Resource Exhaustion Fix

πŸ”’ B&R has identified a resource exhaustion vulnerability in the OPC‑UA Server used in PPT30 Operating System versions before 1.8.0 that can render the OPC‑UA service inaccessible. The vendor corrected the issue in PPT30 Operating System 1.8.0 and notes the OPC‑UA server is not enabled by default. B&R and CISA recommend updating affected devices, restricting OPC‑UA activation to required systems, and segmenting and firewalling networks to limit access.
read more β†’