The Download
In a new advisory to industrial plants, CISA warns that industrial control systems (ICS) are vulnerable to remote exploitation. In particular, CISA warns of vulnerabilities in two industrial control systems from Unitronics and Mitsubishi can be exploited by adversaries to take control of programmable logic controllers (PLCs) that in turn control physical plant in industrial control systems.
Unitronics Vision Series PLC vulnerability, CVE-2024-1470, with severity 8.7, can be remotely exploited to recover passwords in clear text. Mitsubishi vulnerability CVE-2021-20599, with rating 9.1, transmits passwords in cleartext, which can be intercepted.
What You Can Do
The FBI has warned congress that China and other foreign adversaries are intent on compromising US critical infrastructure including industrial systems. Sensitive systems like ICS accessible from the Internet is a network design problem. It is vital these are not internet accessible. The critical infrastructure companies themselves need to implement robust attack surface management programs.
To Learn More: