CISA warns over software flaws in industrial control systems

The US Cybersecurity and Infrastructure Agency (CISA) has warned organizations to check recently disclosed vulnerabilities affecting operational technology (OT) devices that should be, but aren’t always, isolated from the internet.

CISA has released five advisories covering multiple vulnerabilities affecting industrial control systems discovered by researchers at Forescout.

Forescout this week released its report “OT:ICEFALL”, which covers a set of common security issues in software for operational technology (OT) devices. The bugs they disclosed affect devices from Honeywell, Motorola, Siemens and others. 

OT is a subset of the Internet of Things (IoT). OT covers industrial control systems (ICS) that may be connected to the internet, while the broader IoT category includes consumer items like TVs, doorbells, and routers.

Forescout detailed the 56 vulnerabilities in a single report to highlight these common problems.

CISA has released five corresponding Industrial Control Systems Advisories (ICSAs), which it said provide notice of the reported vulnerabilities and identify baseline mitigations for reducing risks from these and other cybersecurity attacks.

The advisories include details of critical flaws affecting software from Japan’s JTEKT, three flaws affecting devices from US vendor Phoenix Contact, and one affecting products from German firm Siemens.  

The ICSA-22-172-02 advisory for JTEKT TOYOPUC details missing authentication and privilege escalation flaws.

Read More: https://www.zdnet.com/article/cisa-warns-over-software-flaws-in-industrial-control-systems/#ftag=RSSbaffb68