InfoSecBulletin Cybersecurity for mankind
On December 5, 2024, CISA issued two advisories regarding Industrial Control Systems (ICS). These advisories highlight current security issues, vulnerabilities, and exploits in ICS.
Vulnerabilities found in AutomationDirect’s C-More EA9 Programming Software and Planet Technology’s WGS-804HPT switch could severely threaten critical infrastructure if exploited.
Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack
Daily Security Update Dated: 21.01.2025
126 Linux kernel Vulns Allow Attackers Exploit 78 Linux Sub-Systems
CERT-UA alerts about “security audit” requests through AnyDesk
Oracle Critical Pre-Release update addressed 320 flaw
OWASP Reveils Top 10 Smart Contract Vulnerabilities for 2025
Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS
Intel holds 22 employees from one Bangladeshi University
VPN Surge 1500% in USA after TikTok Shut Down
MITRE Launches D3FEND 1.0; The Milestone for Cybersecurity Ontology
ICSA-24-340-01 AutomationDirect C-More EA9 Programming Software:
Exploiting these vulnerabilities could lead to memory corruption and allow remote code execution through a buffer overflow.
ICSA-24-340-02 Planet Technology Planet WGS-804HPT:
Exploiting these vulnerabilities could lead to remote code execution.
These vulnerabilities pose serious risks to industrial control systems, prompting vendors and users to quickly implement patches, firmware updates, and secure configurations.
These advisories highlight the increasing risks that ICS devices and software encounter in a changing threat environment.
Vendors and users should work together to fix vulnerabilities by implementing timely updates, strong access controls, and proactive monitoring.
CISA’s report emphasizes the importance of staying alert to secure industrial environments.
