On April 25, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) released two Industrial Control Systems (ICS) advisories to provide information on current security issues, vulnerabilities, and exploits related to ICS. The first advisory, ICSA-23-115-01, pertains to the Keysight N8844A Data Analytics Web Service. The advisory highlights a vulnerability that could allow a remote attacker to gain unauthorized access to sensitive data, including user credentials.
The second advisory, ICSA-23-115-02, pertains to Scada-LTS Third Party Component and warns of multiple vulnerabilities, including cross-site scripting and code injection.
CISA advises ICS users and administrators to review the advisories for technical details and mitigations. The agency recommends that organizations evaluate their ICS networks for these vulnerabilities and apply the necessary security updates as soon as possible.
CISA also encourages organizations to implement network segmentation to limit the impact of a successful attack and to perform regular backups to ensure business continuity.
The release of these advisories highlights the importance of maintaining the security of ICS networks, which are often used to control critical infrastructure such as power plants, water treatment facilities, and transportation systems. Vulnerabilities in these systems could lead to significant disruptions and pose a threat to public safety.
It is essential for organizations to stay informed about potential security risks and to take proactive measures to protect their ICS networks.