Cybersecurity

SWARCO CPU LS4000 (ICSA-20-154-06)

CISA has published an advisory on an improper access control vulnerability in SWARCO CPU LS4000. All OS versions starting with G4 are affected. Successful exploitation of this vulnerability could allow access to the device and disturb operations with connected devices. SWARCO has released a patch to fix the vulnerability and close the port. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

GE Grid Solutions Reason RT Clocks (ICSA-20-154-05) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on a missing authentication for critical function vulnerability in GE Grid Solutions Reason RT Clocks. For RT430, RT431, and RT434, all firmware versions prior to 08A05 are affected. Successful exploitation of this vulnerability could allow access to sensitive information and execution of arbitrary code, and could cause the device to become unresponsive. GE strongly recommends users of time synchronization products update their units to firmware Version 08A05 or greater to resolve these issues. It also recommends a series of mitigation measures.

ABB Central Licensing System (ICSA-20-154-04) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on information exposure; improper restriction of XML external entity reference; uncontrolled resource consumption; permissions, privilege, and access controls; and improper access control vulnerabilities in ABB Central Licensing System. Numerous products and versions of these products are affected. Successful exploitation of these vulnerabilities could allow an attacker to take control of the affected system node remotely and cause an affected CLS Server node to stop or prevent legitimate access to the affected CLS Server.

ABB Multiple System 800xA Products (ICSA-20-154-03) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an incorrect default permissions vulnerability in ABB System 800xA. Numerous products and versions of these products are affected. Successful exploitation of the vulnerability could allow an attacker to make the system node inaccessible or tamper with runtime data in the system. ABB has published an advisory with its recommendations for mitigation measures. CISA also recommends a series of measures to mitigate the vulnerability.

ABB System 800xA Base (ICSA-20-154-02) – Product Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an incorrect permission assignment for critical resource vulnerability in ABB System 800xA Base. Versions 6.0 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to escalate privileges and cause system functions to stop or malfunction. ABB has published an advisory with its recommendations for mitigation measures. CISA also recommends a series of measures to mitigate the vulnerability.

ABB System 800xA (ICSA-20-154-01) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an incorrect default permissions vulnerability in ABB System 800xA products. Numerous products and versions of these products are affected. Successful exploitation of the vulnerability could allow an attacker to escalate privileges, cause system functions to stop, and corrupt user applications. ABB has published an advisory with its recommendations for mitigation measures. CISA also recommends a series of measures to mitigate the vulnerability.

CISA Warns of Hurricane-Related Scams

With June 1 marking the official start of the 2020 Atlantic hurricane season, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) warns users to remain on alert for malicious cyber activity targeting potential disaster victims and charitable donors following a hurricane. Fraudulent emails, often containing malicious links or attachments, are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments, or hyperlinks.

NSA Releases Advisory on Sandworm Actors Exploiting an Exim Vulnerability

The National Security Agency (NSA) has released a cybersecurity advisory on Russian advanced persistent threat (APT) group Sandworm exploiting a vulnerability—CVE-2019-10149—in Exim Mail Transfer Agent (MTA) software. An unauthenticated remote attacker can use this vulnerability to send a specially crafted email to execute commands with root privileges, allowing the attacker to install programs, modify data, and create new accounts.

Situational Awareness – Coronavirus Cyber Compendium, May 28, 2020

Flashpoint continues to track key updates regarding Covid-19 and how the pandemic is impacting cyber operations. Highlights include an FBI report warning of the risk of criminals and nation-states targeting US vaccine research, continued incidents of criminals attempting to scam government programs related to the pandemic, the latest misinformation and disinformation narratives that are popular on social media, and the deployment of Covid-19 tracking apps by governments.

Johnson Controls Kantech EntraPass (ICSA-20-147-02)

CISA has published an advisory on an improper access control vulnerability in Johnson Controls Kantech EntraPass. For Special Edition, Corporate Edition, and Global Edition, all versions up to and including v8.22 are affected. Successful exploitation of this vulnerability could potentially allow an authorized low-privileged user to gain full system-level privileges. Johnson Controls recommends users upgrade all Kantech EntraPass Editions to Version 8.23. CISA also recommends a series of measures to mitigate the vulnerability.
