Category: Vulnerabilities

Armis announced the discovery of five critical, zero-day vulnerabilities in various implementations of the Cisco Discovery Protocol (CDP) that can allow remote attackers to completely take over devices without any user interaction. The vulnerabilities, dubbed CDPwn, affect a wide variety of Cisco equipment. Read More

The Cybersecurity and Infrastructure Security Agency within the US Department of Homeland Security also released an advisory in July about the cybersecurity vulnerabilities, known as URGENT/11. “Some medical device manufacturers are already actively assessing which devices that use these operating systems are affected by URGENT/11 and identifying risk and remediation actions. Several manufacturers have also notified their customers consumers with devices determined to be affected so far, which include an imaging system, an infusion pump, and an anesthesia machine,” FDA says. [via CI Security]

This week, Microsoft announced a critical vulnerability in Windows XP, 7 and 2003 systems. This vulnerability could be exploited and spread like WannaCry. [Read Krebs, https://krebsonsecurity.com/2019/05/microsoft-patches-wormable-flaw-in-windows-xp-7-and-windows-2003/ ]

As we should realize, industrial IoT (IIoT) systems often are forced to run older versions of software, and may be running these operating systems. In addition, these workstations, embedded systems and other outdated devices running a vulnerable OS may not be quickly and easily patched. It is important to quickly develop a response strategy for this latest vulnerability to protect your industrial systems.

MORE: https://www.zdnet.com/article/are-8-new-spectre-class-flaws-about-to-be-exposed/