Several critical vulnerabilities have been discovered in industrial control systems (ICS) products from Siemens, Rockwell Automation, and Delta Electronics. These vulnerabilities could allow attackers to execute arbitrary code, trigger denial-of-service conditions, or gain unauthorized access to sensitive information. One of the most concerning vulnerabilities is CVE-2024-41798, affecting Siemens’ SENTRON 7KM PAC3200 power monitoring device. This vulnerability exposes the device to brute-force attacks and unauthorized access through its Modbus TCP interface. Organizations using these ICS products are urged to prioritize patching and implementing robust security measures to mitigate the risks.
Mitsubishi Electric has identified a vulnerability, tracked as CVE-2024-0727, in its MELSEC iQ-F FX5-OPC communication units. The vulnerability is a NULL pointer dereference flaw that can be exploited by malicious actors to cause denial-of-service (DoS) conditions. The attacker could exploit this vulnerability by using a specially crafted PKCS#12 format certificate and getting a legitimate user to import it. This could cause the affected device to crash or become unresponsive, disrupting industrial operations. Mitsubishi Electric has not released a patch for this vulnerability and has recommended mitigation steps to minimize the risk of exploitation.
TEM Opera Plus FM Family Transmitters, version 35.45, have been identified with two vulnerabilities: a missing authentication vulnerability and a cross-site request forgery (CSRF) vulnerability. These vulnerabilities could allow an attacker to gain unauthorized access to critical functions or to manipulate the transmitters through CSRF attacks. The TEM company has not responded to reports of these vulnerabilities, making it crucial for users to take immediate mitigation steps, such as minimizing network exposure and utilizing secure remote access methods.