On August 22, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) issued four more advisories related to industrial control systems. The advisories are applicable to four different industrial control products, explain the risk of the vulnerability (e.g., “successful exploitation of these vulnerabilities could allow an attacker to compromise availability, integrity, and confidentiality of the targeted
vulnerabilities
CISA Issues Two Industrial Control Systems Advisories
The Cybersecurity and Infrastructure Security Agency (CISA) recently issued “timely information about current security issues, vulnerabilities, and exploits surrounding” Industrial Control Systems (ICS).
The Advisories provide background on the vulnerabilities and point to the manufacturers’ remediation and mitigation releases, which Industrial Control Systems operators may wish to consult and implement to protect against the vulnerabilities. The…
CISA Issues 2022 Top Routinely Exploited Vulnerabilities
In its continued effort to keep the industry apprised of threats facing companies in the U.S., CISA recently issued a Cybersecurity Advisory: 2022 Top Routinely Exploited Vulnerabilities, which is helpful for getting up to speed on top threats, emerging threats, and intelligence on vulnerabilities being exploited by threat actors. It also provides recommendations to…
Patch Adobe ColdFusion Vulnerabilities Being Exploited in the Wild ASAP
Adobe has issued alerts on three vulnerabilities affecting its ColdFusion product. The first alert, issued on July 11, 2023, announced patches for CVE-2023-29298, an improper access control issue that can lead to a security feature bypass, and CVE-2023-29300, a deserialization issue that can be exploited for arbitrary code execution.
On July 14, Adobe announced patches…
CISA Issues Three Advisories for Industrial Control Systems
On May 16, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) released three advisories applicable to Industrial Control Systems (ICS). The Alerts cover vulnerabilities of Snap One OvrC Cloud, Rockwell ArmorStart, and Rockwell Automation FactoryTalk Vantagepoint.
The Snap One vulnerabilities, if exploited, “could allow an attacker to impersonate and claim devices, execute arbitrary…