acm-header
Sign In

Communications of the ACM

ACM TechNews

CISA Warns of Critical Vulnerabilities in Industrial Control System Software


The CISA logo.

Israeli industrial cybersecurity firm OTORIO has been credited with discovering and reporting the flaws.

Credit: U.S. Cybersecurity and Infrastructure Security Agency

Three Industrial Control Systems advisories have been issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) regarding numerous vulnerabilities in software from ETIC Telecom, Nokia, and Delta Industrial Automation.

These include a set of three flaws involving ETIC Telecom software, including one arising from the inability of its Remote Access Server's (RAS) web portal to verify firmware authenticity, a directory traversal bug in the RAS API, and a file upload issue.

CISA also issued advisories for three flaws in Nokia's ASIK AirScale 5G Common System Module, and a path traversal vulnerability affecting Delta Industrial Automation's DIALink products.

From The Hacker News
View Full Article

 

Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA


 

No entries found