Grundfos CIM 500 (ICSA-20-189-01) – Product Used in the Water Sector

CISA has published an advisory on missing authentication for critical function and unprotected storage of credentials vulnerabilities in Grundfos CIM 500. All versions prior to v06.16.00 are affected. Successful exploitation of these vulnerabilities could allow access to cleartext credential data. Grundfos recommends updating to firmware v06.16.00 and to change user credentials after updating. CISA also recommends a series of measures to mitigate the vulnerabilities. Access the advisory at CISA.