CISA Identifies Industrial Cybersecurity Bugs in Baxter and Mitsubishi Products

 

A report published recently by the Cybersecurity and Infrastructure Security Agency (CISA) warned about two new ICS vulnerabilities found in products widely used in healthcare, critical manufacturing, and other sectors susceptible to cybercrime activity.

Among the affected products are Baxter’s Connex Health Portal, as well as Mitsubishi Electric’s MELSEC line of programmable controllers for the home and office. 

Both vendors have released updates that fix the vulnerabilities, and have recommended mitigations for customers who wish to reduce risk further.

According to CISA’s advisory, two vulnerabilities were identified in Baxter’s Connex Health Portal (formerly Hillrom and Welch Allyn) that are remotely exploitable and have low attack complexity.

One of the vulnerabilities, assigned CVE-2024-6795, is a highest-severity (CVSS score of 10.0) SQL injection flaw that an unauthenticated attacker could exploit to run arbitrary SQL queries on affected systems. CISA said this vulnerability would allow attackers to view, manipulate, and delete sensitive data, in addition to taking other administrator-level actions, including shutting down the database in some cases.

As part of the U.S. 

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
