The Cybersecurity and Infrastructure Security Agency (CISA) has issued eight advisories highlighting critical vulnerabilities in industrial control systems (ICS) equipment from Delta Electronics and Rockwell Automation. Delta Electronics’ InfraSuite Device Master has been found to have 13 security vulnerabilities that could allow an unauthenticated attacker to execute arbitrary code. The most significant flaw, CVE-2023-1133, scores 9.8 on the CVSS scale, and allows an unauthenticated remote attacker to execute arbitrary code by sending unverified UDP packets. The Rockwell Automation ThinManager ThinServer has been found to contain path traversal flaws that permit unauthenticated remote attackers to upload arbitrary files and trojanized versions of executable files. These vulnerabilities, especially CVE-2023-28755, could result in remote code execution on the target device. To mitigate these potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net
Source: The Hacker News