"Advisory Issued on Industrial Control Links ScadaFlex II SCADA Controllers"

Unauthenticated remote attackers could overwrite, delete, or create files on Industrial Control Links (ICL) ScadaFlex II SCADA Controller SC-1 and SC-2 devices. This enables an attacker to perform critical CREATE, READ, UPDATE and DELETE (CRUD) file operations on the device, which could allow system access and impact availability. US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) advises users to take precautions to reduce the risk of exploitation of this vulnerability. Specifically, users should minimize network exposure for all control system devices and/or systems, ensuring that they are inaccessible from the Internet. They should also place remote devices behind firewalls, isolate them from business networks, and more. Before deploying defensive measures, CISA advises organizations to conduct a thorough impact analysis and risk assessment. This article continues to discuss CISA's warning regarding the potential exploitation of a vulnerability impacting ICL ScadaFlex II SCADA Controller SC-1 and SC-2 devices. 

HSToday reports "Advisory Issued on Industrial Control Links ScadaFlex II SCADA Controllers"