Patching Vulnerabilities is Hard, Exploiting Unpatched Vulnerabilities…Not So Much

WaterISAC is aware of several reports of threat actors leveraging multiple vulnerabilities to exploit unpatched systems in the water and wastewater sector. Members are encouraged to review and address the following vulnerability advisories and updates for products used within their environments.

Note: these advisories are not new activity, but due to continuously observed exploitation of unpatched systems across critical infrastructure entities, including the water and wastewater sector, it is prudent that these advisories be addressed if they have not been already.

• Ivanti Pulse Connect Secure SSL VPN
• Fortinet FortiOS
• VMWare vCenter Servers
• SonicWall Email Security (ES)
• Microsoft Exchange Server (on-premise)
• TrendMicro Apex One and OfficeScan XG