CISA: Advantech, Hitachi industrial appliances hit with critical bugs

The Cybersecurity and Infrastructure Security Agency has advised that Advantech's R-SeeNet and Hitachi Energy's APM Edge industrial control systems are being impacted by severe vulnerabilities, reports The Hacker News. Threat actors could exploit three security flaws in R-SeeNet two of which are stack-based buffer overflow bugs, tracked as CVE-2022-3385 and CVE-2022-3386, and the other being a path traversal vulnerability, tracked as CVE-2022-3387 to facilitate remote file deletion or remote code execution, according to CISA. Advantech has already issued fixes for the flaws on September 30. Meanwhile, Hitachi Energy Transformer Asset Performance Management Edge products are affected by 29 security flaws originating from OpenSSL, libxml2, LibSSL, and GRUB2 bootloader vulnerabilities. CISA has recommended users of the affected products to apply the APM Edge version 4.0 update to fix the flaws. ICS product flaws reported to CISA have totaled 681 for the first six months of 2022, with 54 of the 441 critical or high-severity vulnerabilities not having any patches, a report from SynSaber found.