Source |
Cyble |
Identifier |
8649191 |
Publication date |
2025-02-20 10:10:49 (viewed: 2025-02-20 11:08:01) |
Title |
CISA Vulnerability Advisories Reveal Complexity of ICS Products (Recycling) |
Text |
Overview
Cyble's weekly industrial control system (ICS) vulnerability report to clients examined 122 ICS, operational technology (OT), and Supervisory Control and Data Acquisition (SCADA) vulnerabilities pulled from 22 recent advisories from the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
The 122 vulnerabilities affect products from seven vendors across nine critical sectors, ranging from energy and healthcare to wastewater systems, transportation, manufacturing, food and agriculture, chemicals, and commercial facilities. Nine of the vulnerabilities are rated critical.
One interesting aspect of the advisories is how many of the ICS vulnerabilities come from third-party components that weren't made by the ICS vendor, revealing the complexity and vulnerability of these critical systems.
Four Critical Siemens Vulnerabilities
Siemens had the highest number of vulnerabilities in the CISA advisories, 100 in all, but only four were rated critical, and all of the critical vulnerabilities came from non-Siemens components.
Two of the critical vulnerabilities affect Siemens Opcenter Intelligence, a manufacturing intelligence platform used to improve manufacturing processes, and stem from vulnerabilities in the Java OpenWire protocol marshaller (CVE-2023-46604, a 9.6-severity Deserialization of Untrusted Data vulnerability) and the Tableau Server Administration Agent's internal file transfer service (CVE-2022-22128, a 9.0-rated Path Traversal vulnerability). Opcenter Intelligence versions prior to V2501 are affected.
CISA addressed those vulnerabilities in a February 13 advisory, noting that “Successful exploitation of these vulnerabilities could enable an attacker to execute remote code or allow a malicious site administrator to |
Notes |
★★★
|
Sent |
Yes |
Tags |
Tool
Vulnerability
Patching
Industrial
Medical
Commercial
|
Source |
Cyble |
Identifier |
8648345 |
Publication date |
2025-02-13 11:15:54 (viewed: 2025-02-13 12:08:26) |
Title |
Cyble Warns of Exposed Medical Imaging, Asset Management Systems (Recycling) |
Text |
Overview
Cyble's weekly industrial control system (ICS) vulnerability report to clients warned about internet-facing medical imaging and critical infrastructure asset management systems that could be vulnerable to cyberattacks.
The report examined six ICS, operational technology (OT), and Supervisory Control and Data Acquisition (SCADA) vulnerabilities in total, but it focused on two in particular after Cyble detected web-exposed instances of the systems.
Orthanc, Trimble Cityworks Vulnerabilities Highlighted by CISA
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued advisories alerting users to vulnerabilities in medical imaging and asset management products.
Orthanc is an open-source DICOM server used in healthcare environments for medical imaging storage and retrieval, while Trimble Cityworks is a GIS-centric asset management system used to manage all infrastructure assets for airports, utilities, municipalities, and counties.
In a February 6 ICS medical advisory, CISA said the Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled, which could result in unauthorized access by a malicious actor. The Missing Authentication for Critical Function vulnerability, CVE-2025-0896, has been assigned a CVSS v3.1 base score of 9.8, just below the maximum score of 10.0.
Orthanc recommends that users update to the latest version or enable HTTP authentication by setting the option "AuthenticationEnabled": true in the configuration file.
Cyble provided a publicly accessible search query for its ODIN vulnerability search tool, which users can use to find potentially vulnerable instances.
“This flaw requires urgent attention, as Cyble researchers have identified multiple internet-facing Orthanc instances, increasing the risk of exploitation,” the Cyble report said. “The exposure of vulnerable instances could allow unauthorized access to sensitive medical data, manipulation of imaging records, or even unauthorized control over the server. Given the high stakes in healthcare cybersecurity, immediate patching to version 1.5.8 or later, along with restricting external access, is strongly recommended to mitigate potential threats. |
Notes |
★★★
|
Sent |
Yes |
Tags |
Tool
Vulnerability
Threat
Patching
Industrial
Medical
|