CISA Issues Alert on Vulnerabilities in Industrial Control Systems

Published:

spot_img

Critical Vulnerabilities in Industrial Control Systems: CISA Advisories ICSA-25-091-01 and ICSA-24-331-04

CISA Issues Urgent Advisories on Critical Infrastructure Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has issued two urgent advisories regarding vulnerabilities in Industrial Control Systems (ICS) that pose significant risks to critical infrastructure. The advisories, identified as ICSA-25-091-01 and ICSA-24-331-04, aim to alert organizations to current security threats and necessary mitigations.

The first advisory, ICSA-25-091-01, highlights a severe vulnerability in Rockwell Automation’s Lifecycle Services integrated with Veeam Backup and Replication. This flaw, related to the deserialization of untrusted data, has been assigned a CVSS v4 score of 9.4, indicating a high risk of exploitation. Attackers could potentially execute arbitrary code on affected systems, leading to complete system compromise. CISA urges organizations to minimize network exposure, utilize secure access methods like VPNs, and keep their systems updated to mitigate risks.

In the second advisory, ICSA-24-331-04, CISA addresses multiple vulnerabilities in Hitachi Energy’s MicroSCADA Pro/X SYS600 system, crucial for the manufacturing and energy sectors. The most critical flaw, CVE-2024-4872, has a CVSS v3 score of 9.9, allowing authenticated attackers to inject malicious code, compromising data integrity and unauthorized access to sensitive functions. Other vulnerabilities could enable file manipulation essential to system operations.

CISA emphasizes the importance of immediate action, urging users to implement mitigations and apply patches released by Hitachi Energy for affected versions. As cyber threats continue to evolve, organizations are reminded to stay vigilant and proactive in securing their critical infrastructure against potential attacks.

spot_img

Related articles

Recent articles

Nichirei Cyberattack Disrupts KFC Japan Operations and Frozen Food Supply

Nichirei Cyberattack Disrupts KFC Japan Operations and Frozen Food Supply A recent cyberattack on Nichirei Corporation has significantly disrupted food deliveries across Japan, particularly impacting...

Thinking Machines Strengthens Enterprise AI Landscape with Launch of Customizable Open Weight Model Inkling

Thinking Machines Strengthens Enterprise AI Landscape with Launch of Customizable Open Weight Model Inkling In a significant development for the enterprise artificial intelligence sector, Thinking...

Fraud Surges in UAE This Summer: Holidaymakers Targeted by AI-Driven Scams and Fake Offers

Fraud Surges in UAE This Summer: Holidaymakers Targeted by AI-Driven Scams and Fake Offers As the summer season prompts residents of the UAE to embark...

Consolidation Strengthens Cybersecurity in the MENA Region Amid Rising Threats

Consolidation Strengthens cybersecurity in the MENA Region Amid Rising Threats Cybersecurity leaders are navigating an increasingly complex landscape, facing mounting pressure from regulatory bodies, evolving...