< ciso
brief />
Tag Banner

All news with #ot security tag

351 articles · page 15 of 18

Rockwell FactoryTalk ViewPoint XML External Entity Flaw

🔒 Rockwell Automation reported a FactoryTalk ViewPoint XML External Entity (XXE) vulnerability (CVE-2025-9066) that can be exploited remotely with low attack complexity to induce a temporary denial-of-service via crafted SOAP requests. Affected devices include PanelView Plus 7 terminals (version 14 and prior). Rockwell released firmware fixes and patches, and CISA recommends minimizing network exposure, isolating control networks, and applying vendor updates promptly. The vulnerability is scored CVSS v4 8.7 (CVSS v3.1 7.5).
read more →

Rockwell Automation PanelView and FactoryTalk ME Flaws

🔒 Rockwell Automation disclosed vulnerabilities in FactoryTalk View Machine Edition and PanelView Plus 7 that can allow unauthorized access to device file systems and diagnostic data. CVE-2025-9064 is a network-exploitable path traversal issue; CVE-2025-9063 is an improper-authorization flaw tied to an ActiveX control. Rockwell recommends installing provided firmware and software updates, and CISA advises minimizing network exposure, isolating control networks, and using secure remote access.
read more →

Two Critical CVSS 10.0 Flaws in Red Lion Sixnet RTUs

🔒 Claroty Team82 disclosed two critical vulnerabilities (CVE-2023-40151 and CVE-2023-42770) affecting Red Lion Sixnet SixTRAK and VersaTRAK RTUs, both rated 10.0 on the CVSS scale. One flaw is an authentication bypass that accepts unauthenticated TCP messages on port 1594; the other enables remote shell execution via the Sixnet Universal Driver (UDR), allowing commands to run as root. Chaining the issues permits unauthenticated remote root code execution, creating substantial risk to industrial automation. Users are advised to apply vendor patches, enable and correctly configure authentication, and block TCP access to affected devices immediately.
read more →

Rockwell 1715 EtherNet/IP Module: CVE-2025-9177/9178

⚠️ Rockwell Automation disclosed two remotely exploitable vulnerabilities in the 1715 EtherNet/IP Comms Module (versions 3.003 and earlier) that have a CVSS v4 base score of 7.7. One issue (CWE-770, CVE-2025-9177) allows resource exhaustion of the device web server causing a crash; the other (CWE-787, CVE-2025-9178) permits crafted CIP payloads to trigger an out-of-bounds write and loss of CIP communication. Rockwell has released firmware version 3.011 to address both flaws; operators who cannot immediately upgrade should implement recommended network segmentation, firewalling, and secure remote-access controls.
read more →

CISA Releases ICS Advisory for Rockwell 1715 Module

🔔 CISA published one Industrial Control Systems advisory on October 14, 2025, identifying a vulnerability in the Rockwell Automation 1715 EtherNet/IP Communications Module (ICSA-25-287-01). The advisory summarizes affected firmware and configurations and provides technical details to assess exposure. It recommends prioritized mitigations, including vendor updates, network segmentation, and access restrictions, and urges administrators to review and implement the guidance promptly.
read more →

Russia-Aligned Hacktivist Fooled by Water Honeypot

💧Forescout disclosed that a Russia-aligned hacktivist group, TwoNet, was tricked into attacking a honeypot designed to look like a water treatment utility. The actor accessed the HMI with default credentials and created an account named BARLATI to carry out defacement, PLC manipulation, log suppression and process disruption. Forescout said this incident reflects a broader shift from DDoS and defacement toward OT/ICS targeting and provided mitigation guidance.
read more →

Protecting Your Car from Hacking: Practical Guidance 2025

🚗 Modern vehicles increasingly rely on interconnected electronics and external services, creating multiple remote attack vectors — from CAN, LIN and OBD ports to Wi‑Fi, Bluetooth and cellular links. The article notes that attackers now often target manufacturer servers (e.g., Toyota’s 2024 data loss) and references UN R155/R156 and ISO/SAE 21434. It describes vehicle risk categories, practical buyer and setup checks, and step‑by‑step advice if you suspect a compromise.
read more →

Hacktivist Group TwoNet Targets Critical Infrastructure

🔍 Forescout observed pro‑Russian hacktivist group TwoNet compromise a realistic water‑treatment honeypot in September, moving from initial access to disruptive actions in roughly 26 hours. The attackers used default credentials and SQL enumeration, then exploited a stored XSS (CVE-2021-26829) to display the message "Hacked by Barlati," altered HMI PLC setpoints and disabled real‑time updates and logs. Researchers urge strong authentication, network segmentation, IP-based ACLs for admin interfaces, and protocol-aware detection to spot exploitation and HMI changes.
read more →

Manufacturing Under Fire: Strengthening Cyber Defenses

🔒 Manufacturers face growing, targeted cyber threats driven by legacy OT, complex supply chains, and high-value IP. Attackers increasingly use credential theft, social engineering and sophisticated malware to achieve prolonged access, data theft and ransomware extortion that can halt production and ripple across partners. Building resilience with MFA, prompt patching and continuous detection such as MDR — offering 24/7 threat monitoring, expert hunting and rapid containment — reduces downtime and strengthens supply chain security while aligning with Zero Trust principles.
read more →

CISA Issues Two ICS Advisories for Raise3D and Hitachi Energy

🔔 CISA released two Industrial Control Systems advisories on October 2, 2025, covering Raise3D Pro2 Series 3D printers (ICSA-25-275-01) and the Hitachi Energy MSM product (ICSA-25-275-02). Each advisory provides technical details on reported vulnerabilities, potential impacts to device confidentiality, integrity, or availability, and recommended mitigations including configuration changes and firmware updates where available. CISA encourages operators and administrators to review the advisories promptly, implement vendor recommendations, and apply compensating controls to reduce operational risk.
read more →

Festo EtherNet/IP Firmware Vulnerabilities — High Risk

⚠️ Festo devices running affected EtherNet/IP firmware are vulnerable to multiple remotely exploitable issues, including incorrect numeric conversions, out-of-bounds reads, and reachable assertions that can lead to denial-of-service or data disclosure. Combined CVSS scores reach up to 8.2, and successful exploitation requires low attack complexity. Festo reports no planned fixes; CISA advises minimizing network exposure, disabling EtherNet/IP when unused, isolating control networks, and using secure remote access such as up-to-date VPNs. Organizations should limit exposure, monitor EtherNet/IP activity, and report suspected incidents.
read more →

NI Circuit Design Suite Vulnerabilities — Patches Available

⚠️ CISA reports high-severity vulnerabilities in National Instruments' Circuit Design Suite that could cause memory corruption, information disclosure, or enable arbitrary code execution. Two flaws—a type confusion (CVE-2025-6033) and an out-of-bounds read (CVE-2025-6034)—affect versions 14.3.1 and earlier and carry CVSS v4 base scores of 8.4. Both issues require local access but have low attack complexity. National Instruments has released version 14.3.2 and CISA advises updating and reducing network exposure for control-system devices.
read more →

CISA Publishes Ten New ICS Advisories — Sept 30, 2025

🔔 On September 30, 2025, CISA released ten Industrial Control Systems advisories summarizing current security issues, vulnerabilities, and known exploits affecting a range of ICS products. The advisories cover MegaSys Enterprises, multiple Festo devices, OpenPLC_V3, National Instruments Circuit Design Suite, LG Innotek cameras, and updates for Keysight Ixia, HEIDENHAIN, and Rockwell Automation. Administrators are urged to review the technical details and apply recommended mitigations promptly to reduce operational risk.
read more →

Festo CPX-CEC-C1 and CPX-CMXX Privilege Flaw — Remote

⚠️ Festo CPX-CEC-C1 and CPX-CMXX devices contain an improper privilege management vulnerability (CWE-269) that permits unauthenticated remote access to critical webserver functions and may cause a denial of service. The issue is identified as CVE-2022-3079 with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/A:H). Festo currently has no firmware fix planned; recommended mitigations include restricting access to TCP port 80 and replacing affected units with specified follow-up products.
read more →

Seven Nations Publish Unified OT Security Guidance

🛡️ National cybersecurity agencies from seven countries released unified operational technology (OT) security guidance on 29 September, aimed at practitioners who deploy or operate OT equipment and systems. The document is organised around five core principles and supplies step-by-step actions for OT security teams to strengthen resilience. It emphasises creating and maintaining a definitive record that covers asset classification, connectivity mapping, system architecture and third-party risks.
read more →

CISA and NCSC Joint Guidance on Securing OT Systems

🔒 CISA, the FBI, the UK NCSC, and international partners published joint guidance titled Creating and Maintaining a Definitive View of Your Operational Technology (OT) Architecture. The guidance explains how organizations can use data sources such as asset inventories and manufacturer-provided resources, including software bill of materials, to create and maintain an accurate OT record. It highlights benefits like improved risk assessment, prioritization of critical and exposed systems, and stronger architectural controls, and recommends cross-team collaboration and alignment with IEC 62443 and ISO/IEC 27001.
read more →

CISA Releases One Industrial Control Systems Advisory

🔔 CISA released one Industrial Control Systems advisory on September 25, 2025 addressing Dingtian DT-R002. The advisory, ICSA-25-268-01, provides technical details on identified vulnerabilities and recommended mitigations for affected ICS devices. Administrators and operators are encouraged to review the advisory promptly and apply mitigations to reduce operational risk. This product is provided subject to CISA's Notification and Privacy & Use policies.
read more →

Dingtian DT-R002 Relay Board: Credentials Disclosure Risk

⚠️ CISA warns that the Dingtian DT-R002 relay board contains two Insufficiently Protected Credentials vulnerabilities (CVE-2025-10879, CVE-2025-10880) that allow unauthenticated attackers to retrieve a username and extract the proprietary protocol password. Both flaws affect all versions, are remotely exploitable with low complexity, and carry CVSS v4 base scores of 8.7. Dingtian has not engaged with CISA; users should restrict HTTP (TCP/80) and the Dingtian protocol on UDP/60000–60001, isolate devices from the internet, and follow ICS defensive best practices.
read more →

Foundations for OT Cybersecurity: Asset Inventory Guide

🔐 CISA and partners released Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators to help operational technology (OT) owners build accurate, prioritized asset inventories. The guide—co-developed with federal, international, and industry experts—details practical steps to classify devices, map dependencies, and integrate inventories into risk and incident response workflows. It emphasizes continuous maintenance and alignment with NIST and IEC 62443.
read more →

Viessmann Vitogate 300: OS Command Injection Risks

🚨 CISA published an advisory on September 23, 2025, describing high‑severity vulnerabilities in Viessmann's Vitogate 300 gateway. The advisory identifies an OS command injection (CWE‑78, CVE‑2025‑9494) and a client‑side enforcement bypass (CWE‑602, CVE‑2025‑9495) that can enable command modification or unexpected client–server interactions. A CVSS v4 base score of 8.7 is reported overall, and affected devices running versions prior to 3.1.0.1 should be upgraded. CISA notes these issues are not remotely exploitable and recommends updating to 3.1.0.1 and implementing network hardening controls.
read more →