The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released two Industrial Handle Techniques (ICS) advisories pertaining to critical flaws in Advantech R-SeeNet and Hitachi Strength APM Edge appliances.
This is made up of 3 weaknesses in the R-SeeNet monitoring answer, successful exploitation of which “could outcome in an unauthorized attacker remotely deleting data files on the method or allowing for remote code execution.”
The listing of issues, which influence R-SeeNet Versions 2.4.17 and prior, is as follows –
- CVE-2022-3385 and CVE-2022-3386 (CVSS scores: 9.8) – Two stack-centered buffer overflow flaws that could guide to distant code execution
- CVE-2022-3387 (CVSS score: 6.5) – A path traversal flaw that could help a distant attacker to delete arbitrary PDF information
Patches have been produced out there in version R-SeeNet model 2.4.21 produced on September 30, 2022.
Also released by CISA is an update to a December 2021 advisory about various flaws in Hitachi Power Transformer Asset Effectiveness Management (APM) Edge items that could render them inaccessible.
The 29 vulnerabilities, collectively assigned a CVSS rating of 8.2, stem from security holes in open up source application factors these types of as OpenSSL, LibSSL, libxml2, and GRUB2 bootloader. Buyers are encouraged to update to APM Edge version 4. to remediate the bugs.
The twin alerts arrive significantly less than a 7 days following CISA posted 25 ICS advisories on October 13, 2022, spanning a number of vulnerabilities throughout units from Siemens, Hitachi Vitality, and Mitsubishi Electric.
According to OT cybersecurity and asset monitoring business SynSaber, 681 ICS product or service vulnerabilities were being claimed by using CISA in the to start with 50 % of 2022, out of which 152 are rated Critical, 289 are rated Substantial, and 2015 are rated Medium in Severity.
What’s far more, 54 of the Critical/Large-rated CVEs have no patch or any mitigation offered from the sellers, accounting for 13% of the full noted flaws and remaining “eternally-working day vulnerabilities.”
“It truly is crucial for asset house owners and individuals defending critical infrastructure to realize when remediations are out there, and how those remediations need to be applied and prioritized,” SynSaber reported.
Discovered this posting exciting? Follow THN on Facebook, Twitter and LinkedIn to go through much more exceptional written content we publish.
Some parts of this article are sourced from:
thehackernews.com