CISA: Several ICS products impacted by critical flaws

Several advisories have been issued by the Cybersecurity and Infrastructure Security Agency warning about critical vulnerabilities in Sewio, Siemens, Sauter Controls, and InHand Networks industrial control systems, according to The Hacker News. CISA noted that Sewio's RTLS Studio is impacted by the most severe vulnerabilities, including CVE-2022-45444, which could be leveraged to give remote attackers unrestricted device access. Threat actors could also exploit command injection flaws, tracked as CVE-2022-47911 and CVE-2022-43483, as well as an out-of-bounds write bug, tracked as CVE-2022-41989, to achieve code execution or cause a denial-of-service condition. Users of vulnerable RTLS Studio instances, from version 2.0.0 up to and including version 2.6.2, have been urged to update to version 3.0.0 or later. Another alert detailed five vulnerabilities in InHand Networks' InRouter 302 and InRouter 615, which could be chained to enable total compromise of cloud-managed instances. Threat actors could also exploit a cross-site scripting vulnerability in Siemens Mendix SAML equipment, tracked as CVE-2022-46823, to obtain sensitive data, according to CISA.
