The US Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released an Industrial Control System (ICS) advisory on a critical flaw affecting the ME RTU remote terminal unit.
The security vulnerability, tracked as CVE-2023-2131, has received the highest severity rating of 10.0 on the CVSS rating system due to its low attack complexity.
Security researcher Floris Hendriks of Radboud University has been credited with reporting the matter to CISA.
CISA also published a warning relating to several known security flaws in Intel(R) processors impacting Mitsubishi Electric's Factory Automation (FA) products that may result in privilege escalation and denial-of-service (DoS) conditions.
The development comes as the agency recommended that critical infrastructure organizations take the necessary steps to secure supply chains by reviewing the Federal Communications Commission (FCC) Covered List of communications equipment deemed a national security risk.
CISA has also urged entities to adopt guidance issued by NIST for identifying, assessing, and mitigating supply chain risks, and to register for the agency's free Vulnerability Scanning Service to identify vulnerable and high-risk devices.
It further follows an effort by cyber security authorities in Australia, Canada, the UK, Germany, the Netherlands, New Zealand and the US to “take the urgent steps necessary to deliver products designed by default and securely”.