CISA Highlights Four ICS Flaws Being Actively Exploited


The Cybersecurity and Infrastructure Security Agency (CISA) released four significant Industrial Control Systems (ICS) advisories, drawing attention to potential security risks and vulnerabilities affecting various industrial control equipment.

These advisories underscore the imperative for prompt action to mitigate these threats, which are being actively exploited in the field.

ABB RMC-100 Vulnerability

  1. Vulnerability Overview:
    • CVE-2022-24999: A Prototype Pollution vulnerability affects the web UI of ABB’s RMC-100 equipment when the REST interface is enabled. Exploitation by sending a specially crafted message can cause a denial-of-service (DoS) condition, after which the interface must be restarted.
    • Affected Versions: RMC-100 versions 2105457-036 to 2105457-044 and RMC-100 LITE versions 2106229-010 to 2106229-016.
    • Risk Evaluation: Successful exploitation would only temporarily disrupt the system but could compromise service availability and constitute a significant security incident.
  2. Mitigation Measures:
    • Update the REST interface to the latest version.
    • Monitor the system for unusual activity.
    • Implement additional access controls to ...

Copyright of this story solely belongs to gbhackers.