< ciso brief />

All news with #ot security tag

321 articles · page 14 of 17

Festo EtherNet/IP Firmware Vulnerabilities — High Risk

⚠️ Festo devices running affected EtherNet/IP firmware are vulnerable to multiple remotely exploitable issues, including incorrect numeric conversions, out-of-bounds reads, and reachable assertions that can lead to denial-of-service or data disclosure. Combined CVSS scores reach up to 8.2, and successful exploitation requires low attack complexity. Festo reports no planned fixes; CISA advises minimizing network exposure, disabling EtherNet/IP when unused, isolating control networks, and using secure remote access such as up-to-date VPNs. Organizations should limit exposure, monitor EtherNet/IP activity, and report suspected incidents.

NI Circuit Design Suite Vulnerabilities — Patches Available

⚠️ CISA reports high-severity vulnerabilities in National Instruments' Circuit Design Suite that could cause memory corruption, information disclosure, or enable arbitrary code execution. Two flaws—a type confusion (CVE-2025-6033) and an out-of-bounds read (CVE-2025-6034)—affect versions 14.3.1 and earlier and carry CVSS v4 base scores of 8.4. Both issues require local access but have low attack complexity. National Instruments has released version 14.3.2 and CISA advises updating and reducing network exposure for control-system devices.

CISA Publishes Ten New ICS Advisories — Sept 30, 2025

🔔 On September 30, 2025, CISA released ten Industrial Control Systems advisories summarizing current security issues, vulnerabilities, and known exploits affecting a range of ICS products. The advisories cover MegaSys Enterprises, multiple Festo devices, OpenPLC_V3, National Instruments Circuit Design Suite, LG Innotek cameras, and updates for Keysight Ixia, HEIDENHAIN, and Rockwell Automation. Administrators are urged to review the technical details and apply recommended mitigations promptly to reduce operational risk.

Festo CPX-CEC-C1 and CPX-CMXX Privilege Flaw — Remote

⚠️ Festo CPX-CEC-C1 and CPX-CMXX devices contain an improper privilege management vulnerability (CWE-269) that permits unauthenticated remote access to critical webserver functions and may cause a denial of service. The issue is identified as CVE-2022-3079 with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/A:H). Festo currently has no firmware fix planned; recommended mitigations include restricting access to TCP port 80 and replacing affected units with specified follow-up products.

Seven Nations Publish Unified OT Security Guidance

🛡️ National cybersecurity agencies from seven countries released unified operational technology (OT) security guidance on 29 September, aimed at practitioners who deploy or operate OT equipment and systems. The document is organised around five core principles and supplies step-by-step actions for OT security teams to strengthen resilience. It emphasises creating and maintaining a definitive record that covers asset classification, connectivity mapping, system architecture and third-party risks.

CISA and NCSC Joint Guidance on Securing OT Systems

🔒 CISA, the FBI, the UK NCSC, and international partners published joint guidance titled Creating and Maintaining a Definitive View of Your Operational Technology (OT) Architecture. The guidance explains how organizations can use data sources such as asset inventories and manufacturer-provided resources, including software bill of materials, to create and maintain an accurate OT record. It highlights benefits like improved risk assessment, prioritization of critical and exposed systems, and stronger architectural controls, and recommends cross-team collaboration and alignment with IEC 62443 and ISO/IEC 27001.

CISA Releases One Industrial Control Systems Advisory

🔔 CISA released one Industrial Control Systems advisory on September 25, 2025 addressing Dingtian DT-R002. The advisory, ICSA-25-268-01, provides technical details on identified vulnerabilities and recommended mitigations for affected ICS devices. Administrators and operators are encouraged to review the advisory promptly and apply mitigations to reduce operational risk.

Dingtian DT-R002 Relay Board: Credentials Disclosure Risk

⚠️ CISA warns that the Dingtian DT-R002 relay board contains two Insufficiently Protected Credentials vulnerabilities (CVE-2025-10879, CVE-2025-10880) that allow unauthenticated attackers to retrieve a username and extract the proprietary protocol password. Both flaws affect all versions, are remotely exploitable with low complexity, and carry CVSS v4 base scores of 8.7. Dingtian has not engaged with CISA; users should restrict HTTP (TCP/80) and the Dingtian protocol on UDP/60000–60001, isolate devices from the internet, and follow ICS defensive best practices.

Foundations for OT Cybersecurity: Asset Inventory Guide

🔐 CISA and partners released Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators to help operational technology (OT) owners build accurate, prioritized asset inventories. The guide—co-developed with federal, international, and industry experts—details practical steps to classify devices, map dependencies, and integrate inventories into risk and incident response workflows. It emphasizes continuous maintenance and alignment with NIST and IEC 62443.

Viessmann Vitogate 300: OS Command Injection Risks

🚨 CISA published an advisory on September 23, 2025, describing high‑severity vulnerabilities in Viessmann's Vitogate 300 gateway. The advisory identifies an OS command injection (CWE‑78, CVE‑2025‑9494) and a client‑side enforcement bypass (CWE‑602, CVE‑2025‑9495) that can enable command modification or unexpected client–server interactions. A CVSS v4 base score of 8.7 is reported overall, and affected devices running versions prior to 3.1.0.1 should be upgraded. CISA notes these issues are not remotely exploitable and recommends updating to 3.1.0.1 and implementing network hardening controls.

Mitsubishi MELSEC-Q CPU Module Denial-of-Service Risk

⚠️ CISA advises that a denial-of-service vulnerability (CVE-2025-8531) affects Mitsubishi Electric MELSEC-Q Series CPU modules when the user authentication function is enabled, due to improper handling of a length parameter (CWE-130). The issue has a CVSS v3.1 base score of 6.8 (AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H) and is exploitable remotely but characterized by high attack complexity. Mitsubishi has identified fixed units with serial ranges beginning '27082' or later and recommends migrating to the successor MELSEC iQ-R Series where updates are unavailable; organizations should apply network-access restrictions and defense-in-depth mitigations.

Schneider Electric SESU Link-Following Flaw CVE-2025-5296

⚠ Schneider Electric has released an update addressing a link‑following vulnerability (CVE‑2025‑5296) in SESU that could allow an authenticated, low‑privileged actor to write arbitrary data to protected locations. The issue, rated CVSS v3.1 base score 7.3, affects SESU versions prior to 3.0.12 and numerous Schneider Electric products that bundle SESU. Version 3.0.12 contains the fix; apply the update or restrict access to the installation directory and follow CISA mitigation guidance.

AutomationDirect CLICK PLUS Firmware Vulnerabilities Identified

🔒 AutomationDirect has disclosed multiple vulnerabilities in the CLICK PLUS series affecting firmware releases prior to v3.71. Issues include cleartext credential storage, a hard-coded AES key, an insecure RSA implementation, a predictable PRNG seed, authorization bypasses, and resource exhaustion flaws. CVSS v4 severity reaches 8.7 for the most critical cryptographic and key-generation weaknesses. AutomationDirect and CISA recommend updating to v3.80 and applying network isolation, access restrictions, logging, and endpoint protections until patches are deployed.

Microsoft Named Leader in 2025 Gartner IIoT Report

🔷 Microsoft was named a Leader in the 2025 Gartner Magic Quadrant for Global Industrial IIoT Platforms, highlighting its industrial cloud portfolio. Azure’s adaptive cloud—anchored by Azure IoT, Azure Arc, Azure Digital Twins, and Microsoft Fabric—is positioned to unify cloud-to-edge data, enable real‑time intelligence, and scale AI-driven operations. The platform emphasizes security with Microsoft Defender for IoT, Microsoft Sentinel, and Microsoft Entra, while enabling brownfield integration and partner-led solutions to accelerate industrial modernization.

Hitachi Energy Asset Suite: Multiple High-Risk Flaws

⚠️ Hitachi Energy has disclosed multiple high-severity vulnerabilities in Asset Suite, affecting versions 9.6.4.5 and earlier. The issues include SSRF, deserialization of untrusted data, cleartext password exposure, uncontrolled resource consumption, open redirect, and improper authentication that can lead to remote code execution. Customers should apply vendor-provided mitigations and upgrades immediately to reduce exposure.

Westermo WeOS 5 IPSec Denial-of-Service Fix Released

🔔 A vulnerability in Westermo WeOS 5 when IPSec is enabled can allow a specially crafted ESP packet to trigger an immediate device reboot. Westermo reported the flaw and released WeOS 5 version 5.24.0 to address the issue. CISA rates the vulnerability as remotely exploitable with a CVSS v4 score of 8.2 and notes high attack complexity.

Westermo WeOS 5 OS Command Injection Vulnerability

⚠️ Westermo disclosed an OS command injection vulnerability in WeOS 5 (CVE-2025-46418) affecting versions 5.24 and later. The flaw arises from unsafe handling of media definitions and can allow an authenticated administrator to inject OS commands and potentially exceed intended privileges. CVSS scores include 7.6 (v3.1) and 8.7 (v4). Vendor and CISA recommend restricting admin access, segmenting networks, and using secure remote access practices as mitigations.

CISA Issues Nine New ICS Advisories on Sep 18, 2025

🛡️ CISA released nine Industrial Control Systems (ICS) advisories on September 18, 2025, detailing vulnerabilities, exploits, and mitigations affecting multiple vendors and products. The advisories cover Westermo WeOS, Schneider Electric Saitel RTUs, Hitachi Energy Asset and Service Suites, Cognex In‑Sight devices, Dover Fueling Solutions ProGauge MagLink LX4 devices, plus updates for rail linking protocols and Mitsubishi FA engineering tools. Administrators and operators are urged to review the technical details and apply recommended mitigations promptly to reduce operational and safety risk.

Dover ProGauge MagLink LX Vulnerabilities and Fixes

⚠️ Dover Fueling Solutions disclosed critical vulnerabilities in its ProGauge MagLink LX4, LX4 Plus, and LX4 Ultimate tank monitors that may be exploited remotely. Identified issues include an integer overflow (CVE-2025-55068), a hard-coded cryptographic signing key (CVE-2025-54807), and non‑changeable weak default root credentials (CVE-2025-30519), with ratings up to CVSS v4 9.3. Affected firmware must be updated to 4.20.3 for LX4/LX4 Plus or 5.20.3 for LX4 Ultimate; operators are urged to minimize network exposure and place devices behind firewalls.

Cognex In-Sight Firmware: Multiple High-Risk Flaws

🔒 Cognex disclosed multiple high-severity vulnerabilities in In-Sight Explorer and firmware for the In-Sight 2000/7000/8000/9000 series (versions 5.x through 6.5.1). Identified issues include hard-coded credentials, cleartext management protocols (including telnet and a proprietary TCP 1069 service), weak default permissions, authentication bypass via capture-replay, and insufficient server-side enforcement. CISA assigns high CVSS scores (up to 8.8 v3.1 and 8.6 v4), warns of credential disclosure, configuration manipulation, and potential denial-of-service, and recommends migration to newer In-Sight Vision Suite systems and network isolation.