CISA warns about industrial control system software flaws

The Cybersecurity and Infrastructure Security Agency has issued three separate industrial control system advisories warning of security flaws in ETIC Telecom, Nokia, and Delta Industrial Automation systems, The Hacker News reports. Threat actors could exploit three vulnerabilities in ETIC Telecom's Remote Access Server, tracked as CVE-2022-3703, CVE-2022-41607, and CVE-2022-40981, to obtain sensitive data and facilitate device compromise, according to CISA. All vulnerabilities impact ETIC Telecom RAS 4.5.0 and earlier versions and have already been addressed in version 4.7.3. Meanwhile, Nokia's ASIK AirScale 5G Common System Module is affected by three flaws, tracked as CVE-2022-2482, CVE-2022-2483, and CVE-2022-2484, which could be leveraged to execute arbitrary code and disrupt secure boot functionality. "Successful exploitation of these vulnerabilities could result in the execution of a malicious kernel, running of arbitrary malicious programs, or running of modified Nokia programs," said CISA, adding that Nokia has already issued mitigation instructions. CISA also noted that Delta Industrial Automation's DIALink offerings are affected by a path traversal bug, tracked as CVE-2022-2969, which has been addressed in version Beta 4.
