Cybersecurity

As this holiday season approaches, the DHS Cybersecurity and Infrastructure Security Agency (CISA) encourages users to be aware of potential holiday scams and malicious cyber campaigns, particularly when browsing or shopping online. Cyber actors may send emails and ecards containing malicious links or attachments infected with malware or may send spoofed emails requesting support for fraudulent charities or causes. CISA encourages users to remain vigilant and take the following precautions:

CISA has published an advisory on an uncontrolled resource consumption vulnerability in Mitsubishi Electric MELSEC-Q Series and MELSEC-L Series CPU Modules. Numerous versions of these products are affected. Successful exploitation of this vulnerability may prevent the FTP client from connecting to the FTP server on MELSEC-Q Series and MELSEC-L Series CPU module. Only FTP server function is affected by this vulnerability. Mitsubishi Electric has produced a new version of the firmware. It also strongly recommends that users operate the affected device behind a firewall.

CISA has published an advisory on a use of obsolete function vulnerability in Omron CX-Supervisor. Versions 3.5 (12) and prior are affected. Successful exploitation of this vulnerability could result in information disclosure, total compromise of the system, and system unavailability. Omron recommends users update to CX-Supervisor 3.51 (9). CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has just released version 9.2 of its Cyber Security Evaluation Tool (CSET). CSET is a desktop software tool intended to guide asset owners and operators through a consistent process for evaluating control system networks as part of a comprehensive cybersecurity assessment that uses recognized government and industry standards and recommendations.