Dangerous gaps threaten the security of critical infrastructures
Attackers could attack industrial control systems and, in the worst case, gain full control. Security updates are available.
Admins of Industrial Control Systems (ICS) from different manufacturers should update the software as soon as possible. This should be done quickly, especially in the area of critical infrastructures, otherwise attackers could gain access to systems via security gaps, some of which are classified as critical.
The US security authority Cybersecurity & Infrastructure Security Agency (CISA) warns of this. The warning applies globally: The systems are used worldwide. Specifically affected are ARC Informatique PcVue, Delta Industrial Automation DIALink, Hitachi Energy RTU500, Illumina Local Run Manager, Measure ScadaPro Server, Measure ScadaPro Server and Client and myScada Pro.
Critical gaps with maximum rating
The most dangerous are considered several “critical‘ Vulnerability (CVE-2022-1517, CVE-2022-1518, CVE-2022-1519) in Illumina Local Run Manager with a maximum CVSS Score of 10 out of 10. The software is found in the NextSeq 550Dx and iSeq 100 devices and instruments, among others instrument to use. After successful attacks, an attacker could gain full control over devices without logging in.
myScada myPro is also characterized by a “critical‘ vulnerability (CVE-2022-2234) at risk. Here, an attacker could execute his own commands at the operating system level. By successfully exploiting a “critical“ Vulnerability in Delta Industrial Automation DIALink, an attacker could access a hard-coded cryptographic key and thereby decrypt sensitive information. Equipped with this, you could completely compromise system.
