All news with #ot security tag

⚠️ Schneider Electric disclosed OS command injection vulnerabilities in Saitel DR and Saitel DP RTUs that could allow execution of arbitrary shell commands when BLMon is invoked in an SSH session. Two issues (CVE-2025-9996, CVE-2025-9997) carry a CVSS v4 base score of 5.8 (v3.1 6.6). Affected firmware versions are Saitel DR <= 11.06.29 and Saitel DP <= 11.06.33; fixed firmware releases are available and require a reboot. Schneider recommends restricting BLMon access, firewalling SSH, and following standard patching and ICS best practices.

⚠️ Hitachi Energy disclosed a critical deserialization-of-untrusted-data vulnerability affecting Service Suite (versions prior to 9.6.0.4 EP4) that permits unauthenticated remote access via IIOP or T3 to compromise Oracle WebLogic Server. The issue is tracked as CVE-2020-2883 with a CVSS v4 base score of 9.3 and is characterized as remotely exploitable with low attack complexity. Hitachi Energy advises updating affected instances to version 9.8.2 or the latest release and applying vendor mitigation guidance immediately. CISA additionally recommends minimizing network exposure, isolating control networks behind firewalls, using up-to-date VPNs for remote access, and performing risk and impact assessments prior to deploying defensive changes.

🔒 Siemens products that include vulnerable OpenSSL libraries are affected by an out-of-bounds read (CVE-2021-3712) that may be exploited remotely and carries a CVSS v3.1 base score of 7.4. A broad set of industrial networking and automation devices — including SCALANCE, RUGGEDCOM, SIMATIC, SINEMA, SINUMERIK, TIA and Industrial Edge apps — are listed as impacted. OpenSSL fixes are available in 1.1.1l and 1.0.2za; Siemens has published product updates and mitigations where possible. CISA and Siemens recommend applying vendor-supplied updates, minimizing network exposure, isolating control networks, and using secure remote access until fixes are deployed.

🔔 CISA released eight Industrial Control Systems advisories on September 16, 2025, providing technical descriptions of vulnerabilities and vendor mitigations. The advisories affect products from Schneider Electric, Hitachi Energy, Siemens, and Delta Electronics, and include issues ranging from OpenSSL-related flaws to product-specific defects. One advisory is an update for Galaxy VS/VL/VXL (ICSA-25-140-07 Update A). Administrators are urged to review the advisories and apply recommended mitigations promptly to reduce operational risk.

⚠️ Delta Electronics' DIALink contains multiple path traversal vulnerabilities that can be exploited remotely to bypass authentication, including at least one flaw rated CVSS v4 10.0. Affected releases include V1.6.0.0 and prior. An anonymous researcher working with Trend Micro's Zero Day Initiative reported the issues to CISA and Delta has released updates. Organizations should upgrade to v1.8.0.0 or later, segment devices from business networks, avoid exposing control equipment to the Internet, and use secure remote access methods.

⚠️ Hitachi Energy reported multiple vulnerabilities in the RTU500 series including null pointer dereference, XML parser flaws, heap and stack buffer overflows, integer overflow, and IEC 61850 message validation errors. Several CVEs have been assigned (e.g., CVE-2023-2953, CVE-2024-45490–45492, CVE-2024-28757, CVE-2025-39203, CVE-2025-6021) and the highest CVSS v4 score is 8.2. Exploitation could cause Denial-of-Service conditions such as device reboots or disconnects. Hitachi Energy provides firmware updates for affected 12.7.x–13.7.x releases and CISA recommends patching, minimizing network exposure, applying segmentation, and using secure remote access.

🔒 Siemens SINAMICS drive firmware contains an Improper Privilege Management vulnerability (CVE-2025-40594) that can allow local network users to escalate privileges and perform a factory reset without required rights. A CVSS v3.1 base score of 6.3 and a CVSS v4 base score of 6.9 were calculated. Siemens provides updates for S210 and G220 (V6.4 HF2); S200 V6.4 currently has no fix. CISA and Siemens recommend minimizing network exposure, isolating control networks, and using secure remote access methods.

🔓 CISA published an advisory describing an authorization bypass in Daikin Security Gateway devices that abuses a weak password recovery mechanism. The vulnerability, tracked as CVE-2025-10127, is remotely exploitable with low complexity and carries a CVSS v4 score of 8.8; public proof‑of‑concept code exists. Daikin has indicated it will not issue a vendor-wide patch and will handle customer inquiries directly; CISA recommends isolating affected devices, placing them behind firewalls, and using secure, up-to-date VPNs or other hardened remote access controls.

🛡️ CISA republished information from Siemens ProductCERT regarding two vulnerabilities affecting the RUGGEDCOM RST2428P (6GK6242-6PA00). The issues — uncontrolled resource consumption (CVE-2025-40802) and exposure of sensitive information (CVE-2025-40803) — are exploitable from an adjacent network and have low CVSS scores (v3.1=3.1; v4=2.3). Siemens recommends firewalling UDP discovery ports and following industrial security guidance; CISA advises minimizing network exposure and isolating control networks.

⚠️ Siemens Industrial Edge Management OS (IEM-OS) contains an allocation-of-resources vulnerability in Apache Commons FileUpload that can be triggered remotely to cause a denial-of-service condition. The issue is tracked as CVE-2025-48976 with a CVSS v4 base score of 8.7 and a CVSS v3.1 vector indicating an availability-only impact. Siemens reports all IEM-OS versions affected and recommends migrating to IEM-V, limiting access to trusted systems, and following Siemens' operational security guidance. CISA reiterates minimizing network exposure, using network segmentation and firewalls, and employing secure remote access methods.

🛡️ Siemens reports a local privilege escalation vulnerability affecting SIMOTION Tools installers that use an affected NSIS setup component. The flaw (CWE-754) in Nullsoft Scriptable Install System (NSIS) before 3.11 can allow an unprivileged user to gain SYSTEM privileges during installation by exploiting a race condition. The issue is tracked as CVE-2025-43715 with a CVSS v3.1 base score of 8.1. No vendor fix is available yet; Siemens and CISA offer mitigations and hardening guidance.

🔒 Schneider Electric disclosed a Files or Directories Accessible to External Parties vulnerability affecting Modicon M340 devices and the BMXNOE0100/BMXNOE0110 Ethernet modules that could allow remote actors to remove files, block firmware updates, and disrupt the device webserver. The issue is tracked as CVE-2024-5056 with a CVSS v4 base score of 6.9. Schneider released firmware fixes for BMXNOE0100 (SV3.60) and BMXNOE0110 (SV6.80) and recommends immediate mitigations including network segmentation, disabling FTP when not required, and configuring Access Control Lists per the device manual. CISA also advises isolating control networks, minimizing internet exposure, and using VPNs for remote access.

⚠️ CISA published an advisory on two vulnerabilities in Schneider Electric EcoStruxure products that could enable a denial-of-service condition and the exposure of sensitive credentials. The issues are tracked as CVE-2025-8449 (uncontrolled resource consumption) and CVE-2025-8448 (sensitive information exposure). Affected Enterprise Server and Workstation versions should be updated to the fixed releases (for example 7.0.2.348, 6.0.4.10001 (CP8), 5.0.3.17009 (CP16)). If patches cannot be applied immediately, implement strong access controls, network segmentation, MFA where available, and continuous monitoring.

🔒 Siemens reported a vulnerability in Apogee PXC and Talon TC devices that allows unauthorized actors to download device database files via BACnet. Affected devices permit unauthenticated access to encrypted .db files that can contain passwords; the issue is tracked as CVE-2025-40757 with a CVSS v4 base score of 6.3. Siemens and CISA recommend changing default passwords, hardening network access, and isolating control networks. Exploitation is remotely feasible with low complexity; no public exploitation has been reported to CISA.

🔒 Open-source tools can provide a cost-effective, flexible foundation for operational technology (OT) security in industrial environments. By combining passive asset discovery, protocol-aware inspection, IDS/IPS, centralized logging and vulnerability management, organizations can approximate many capabilities of expensive commercial offerings. Recommended components include Malcolm (with Zeek), Security Onion, ELK, Wazuh and OpenVAS, augmented by asset sources like NetBox. Successful deployment requires experienced OT/IT teams or external consultants to configure, tune and maintain the stack, and is not a plug-and-play substitute for vendor support.

🔒 A newly observed ransomware group, The Gentlemen, has rapidly expanded operations across Asia Pacific, South America, the US and the Middle East since first being identified in August. Trend Micro reports the group leverages legitimate drivers, GPO abuse and custom tooling to disable endpoint security and move laterally. Victims span manufacturing, construction, healthcare and insurance, and defenders are urged to adopt zero-trust, behavioral EDR/XDR and rigorous segmentation.

🔒 Industrial digitization and interconnected production make OT security a strategic priority, as attacks on SCADA, networked machines and production data can cause outages, reputational harm and even life‑threatening incidents. Faced with budget pressure, the article explores cost‑efficient open-source alternatives that can approach commercial capability. It outlines recommended tool combinations and operational caveats.

⚠️ Rockwell Automation's CompactLogix® 5480 controllers (versions 32–37.011 with Windows package 2.1.0 on Windows 10 v1607) contain a Missing Authentication for Critical Function vulnerability (CVE-2025-9160). An attacker with physical access could abuse the controller's maintenance menu to execute arbitrary code. CVSS scores are v3: 6.8 and v4: 7.0, and CISA reports the flaw is not remotely exploitable with no public exploitation reported. Rockwell and CISA recommend applying published security best practices and minimizing network exposure.

🔒 Rockwell Automation released a security update for 1783-NATR to remediate a memory corruption issue stemming from a Wind River VxWorks calloc() allocator flaw. The vulnerability (CVE-2020-28895) can produce smaller-than-expected allocations, enabling memory corruption and potential remote exploitation with low attack complexity. Rockwell published firmware 1.007 to correct the defect; customers unable to upgrade should follow Rockwell's security best practices and apply the network and access mitigations recommended by CISA.

🔒 Rockwell Automation disclosed a vulnerability in Analytics LogixAI (versions 3.00 and 3.01) caused by an over-permissive Redis instance that can expose sensitive system information to an intranet attacker. Tracked as CVE-2025-9364, the issue carries a CVSS v3.1 score of 8.8 and a CVSS v4 score of 8.7 and may permit data access and modification when exploited from an adjacent network with low attack complexity. Rockwell has published fixes in versions 3.02 and later and advises customers to apply updates where possible; CISA reiterates standard mitigations such as minimizing network exposure, isolating control networks behind firewalls, and maintaining secure remote access practices.