HQ/EMEAFind out how we can help your business
Last week, the United States Cybersecurity and Infrastructure Security Agency published a couple of Industrial Control System advisories about some critical vulnerabilities that could impact industrial appliances.
Based on reports, critical flaws exist in the Advantech R-SeeNet and Hitachi Energy APM Edge appliances that could provide attackers with remote code execution (RCE).
The R-SeeNet monitoring solution has three critical vulnerabilities that could result in a data breach attack from hackers. Hence, a potential hacker could remotely delete files on the infected system or allow RCE.
The affected version of the R-SeeNet entity is the 2.4.17 patch and older. Analysts revealed that the first flaw tracked by them as CVE-2022-3387 is a path traversal weakness that could allow an adversary to remove arbitrary files.
In addition, two more flaws (CVE-2022-3385 and CVE-2022-3386) could obtain two stack-based buffer overflow vulnerabilities that could end up in remote code execution. Updates have been made available in R-SeeNet version 2.4.21, released last month.
CISA also disclosed flaws in the Hitachi industrial appliances.
December last year, the same agency also disclosed updates regarding several flaws in the Hitachi industrial appliances, especially in the Energy Transformer Asset Performance Management Edge products.
The flaws could compromise the products and render them inaccessible to their owner or user. As of now, there are nearly 30 identified flaws, and all have a CVSS score of 8.2. Most have an OpenSSL, GRUB2 bootloader, libxml2, and LibSSL.
Experts urge Hitachi users to update their APM Edge 4.0 to the latest version to eliminate the bugs.
The alerts were released by CISA last week after several vulnerabilities were found by researchers in the appliances offered by multiple companies. According to a separate researcher, nearly 700 ICS product flaws were reported by the US cybersecurity agency in the first six months of this year. Analysts rated one hundred fifty of the noted flaws as critical, 289 are highly dangerous, 205 are average, and 35 are low in severity.
As of now, users should apply advice from law enforcement agencies and cybersecurity researchers to mitigate the chances of getting exploited by potential hackers.
