CISA has published an advisory on missing authentication for critical function, improper ownership management, and inadequate encryption strength vulnerabilities in Emerson OpenEnterprise. All versions through 3.3.4 are affected. Successful exploitation of these vulnerabilities could allow an attacker access to OpenEnterprise configuration services or access passwords for OpenEnterprise user accounts. Emerson recommends all users upgrade to OpenEnterprise 3.3, Service Pack 5 (3.3.5), to resolve these issues. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.
H2OSecCon Spring 2024 - featuring panels and briefings on cybersecurity, physical security, operational resilience, and more - is on May 23. REGISTER NOW!