"CISA Warns of Critical ICS Flaws in Hitachi, mySCADA, ICL, and Nexx Products"

The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) has released eight advisories regarding critical vulnerabilities in Industrial Control Systems (ICS) products from Hitachi Energy, mySCADA Technologies, Industrial Control Links, and Nexx. One of the vulnerabilities, tracked as CVE-2022-3682, affects Hitachi Energy's MicroSCADA System Data Manager SDM600 and could allow an attacker to assume remote control of the product. A flaw in the validation of file permissions allows an adversary to upload a specially crafted message to the system, leading to the execution of arbitrary code. Another set of five critical vulnerabilities involves command injection bugs present in mySCADA myPRO versions 8.26.0 and prior. The successful exploitation of these vulnerabilities could enable an authenticated user to inject arbitrary operating system commands, CISA warned, urging users to upgrade to version 8.29.0 or higher. Industrial Control Links ScadaFlex II SCADA Controllers contain a critical security flaw that could enable an authenticated attacker to overwrite, delete, or create files. This article continues to discuss CISA's warning of critical ICS flaws.

THN reports "CISA Warns of Critical ICS Flaws in Hitachi, mySCADA, ICL, and Nexx Products"