"New CISA Advisories Warn of ICS Vulnerabilities"
The US Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has issued advisories warning of ICS vulnerabilities in the Horner Automation Cscape software and the Mitsubishi Electric GOT. The control system application programming software Cscape contains two flaws that affect all versions before 9.90 SP4. One of these vulnerabilities stems from the improper validation of user-supplied data when parsing project files and could result in memory corruption. The exploitation of this flaw could allow an attacker to execute code in the context of the current process. The second vulnerability is described as an improper access control flaw: the Cscape software is installed for all users by default, allowing full permissions, including read and write access. This flaw could let unprivileged users alter configuration files, binaries, and more. Another vulnerability, found in Mitsubishi's Graphic Operation Terminal (GOT), is an improper authentication flaw. This article continues to discuss the severity and potential impact of vulnerabilities discovered in Cscape control system application programming software and the Mitsubishi Electric GOT.
Dark Reading reports "New CISA Advisories Warn of ICS Vulnerabilities"