HomeUpdateWhy did CISA give back to back alerts for a bug in...

Why did CISA give back to back alerts for a bug in this device?

-

We independently research, test, review, and recommend the best products—learn more about our process. If you buy something through our links, we may earn a commission. learn more

Last Updated on 28/02/2022 by Nidhi Khandelwal

Schneider Electric’s Easergy medium voltage protection relays are vulnerable to several vulnerabilities, according to the US Cybersecurity and InfrastructureSchneider Electric patched the weaknesses detected and reported by Red Balloon Security researchers Timothée Chauvin, Paul Noalhyt, and Yuan Shi Wu as part of updates released on January 11, 2022.

Why did CISA give back to back alerts for a bug in this device? 1

The warning comes less than ten days after CISA issued another alert warning of multiple critical vulnerabilities in Schneider Electric’s Interactive Graphical SCADA System (IGSS) that, if exploited, could lead to “data disclosure and loss of control of the SCADA system with IGSS running in production mode.” Security Agency (CISA).

“Successful exploitation of these vulnerabilities may reveal device credentials, trigger a denial-of-service scenario, device reboot, or allow an attacker to acquire full control of the relay,” according to a notice issued by the agency on February 24, 2022. “Your electrical network’s protection may be compromised as a result of this.”

Why did CISA give back to back alerts for a bug in this device? 2

In related news, the US Federal Bureau of Investigation has issued a security alert for General Electric’s Proficy CIMPLICITY SCADA software, warning of two security flaws that might be exploited to divulge sensitive information, gain code execution, and escalate local privileges.

The advisories follow a report from industrial cybersecurity firm Dragos that found that 24 percent of the total 1,703 ICS/OT vulnerabilities reported in 2021 had no patches available, with 19 percent having no mitigation, preventing operators from taking any steps to protect their systems from potential threats.

Dragos also discovered malicious activity from three new groups that were discovered targeting ICS systems last year, including Kostovite, Erythrite, and Petrovite, which each targeted the OT environments of renewable energy, electrical utility, and mining and energy firms in Canada, Kazakhstan, and the United States.

Nidhi Khandelwal
Nidhi Khandelwal
Nidhi is a tech news/research contributor at TheDigitalHacker. She publishes about techno geopolitics, privacy, and data breach.
- Advertisment -

Must Read

edge-ai

Challenges and Opportunities in Deploying AI Solutions in Edge Computing Environments

0
Edge AI is a ground-breaking new paradigm that has the potential to completely change how companies run. Organizations can seize new chances for creativity,...