Three separate industrial control system advisories have been issued by the Cybersecurity and Infrastructure Security Agency to warn about various security flaws in ETIC Telecom, Nokia, and Delta Industrial Automation systems, The Hacker News reports.
Threat actors could exploit three vulnerabilities in ETIC Telecom's Remote Access Server, tracked as CVE-2022-3703, CVE-2022-41607, and CVE-2022-40981, to procure sensitive data and facilitate device compromise, according to CISA.
All vulnerabilities impact ETIC Telecom RAS 4.5.0 and earlier versions and have already been addressed in version 4.7.3. Meanwhile, Nokia's ASIK AirScale 5G Common System Module is being impacted by three flaws, tracked as CVE-2022-2482, CVE-2022-2483, and CVE-2022-2484, which could be leveraged for execution of arbitrary code and secure boot functionality disruption.
"Successful exploitation of these vulnerabilities could result in the execution of a malicious kernel, running of arbitrary malicious programs, or running of modified Nokia programs," said CISA, which said that mitigation instructions have already been issued by Nokia.
CISA also noted that Delta Industrial Automation's DIALink offerings have been affected by a path traversal bug, tracked as CVE-2022-2969, which has been addressed in version 18.104.22.168 Beta 4.
Florida's St. Johns River Water Management District has disclosed a cyberattack impacting its technology environment during the past week, according to The Record, a news site by cybersecurity firm Recorded Future.