Read more: www.cisa.gov
Several critical vulnerabilities have been discovered in industrial control systems (ICS) products from Siemens, Rockwell Automation, and Delta Electronics. These vulnerabilities could allow attackers to execute arbitrary code, trigger denial-of-service conditions, or gain unauthorized access to sensitive information. One of the most concerning vulnerabilities is CVE-2024-41798, affecting Siemens’ SENTRON 7KM PAC3200 power monitoring device. This vulnerability exposes the device to brute-force attacks and unauthorized access through its Modbus TCP interface. Organizations using these ICS products are urged to prioritize patching and implementing robust security measures to mitigate the risks.