The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert concerning severe vulnerabilities in ProPump and Controls’ Osprey Pump Controller. The vulnerabilities carry a CVSS v3 score of 9.8, indicating a high level of risk. They include insufficient entropy, unauthenticated OS command injection, use of hard-coded passwords, and more; if exploited, they could lead to unauthorized access, data manipulation, and potential denial-of-service incidents. Affected are Osprey Pump Controller versions prior to release 20230518.
CISA emphasizes the critical need for users to take immediate action to address these vulnerabilities. Successful exploitation could grant attackers administrative control over the pump controller, jeopardizing operational integrity. The agency recommends upgrading to Osprey Pump Controller release 20230518 to mitigate these risks. Users are also advised to follow best practices, such as restricting remote access and implementing secure configurations, to strengthen their overall security posture.