CISA directs focus on critical vulnerabilities in infrastructure, medical devices

TLDR:

• CISA issues four advisories on vulnerabilities in industrial control systems (ICS) and medical devices.
• Vulnerabilities were found in Hughes Network Systems’ WL3000 Fusion Software, Mitsubishi Electric’s MELSEC series, and Baxter’s Connex Health Portal.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued four advisories highlighting vulnerabilities in industrial control systems (ICS) and medical devices. The advisories address hardware vulnerabilities in Hughes Network Systems’ WL3000 Fusion Software, vulnerabilities in Mitsubishi Electric’s MELSEC series, and vulnerabilities in Baxter’s Connex Health Portal used in the U.S. healthcare sector.

The vulnerabilities identified in Hughes Network Systems’ WL3000 Fusion Software could allow attackers to obtain read-only access to network configuration information. CISA also warned about SQL injection and improper access control vulnerabilities in Baxter’s Connex Health Portal, which could lead to malicious code injection or unauthorized access to sensitive data. The agency recommended defensive measures to minimize the risk of exploitation of these vulnerabilities, such as minimizing network exposure and using secure remote access methods like virtual private networks (VPNs).

These vulnerabilities were promptly patched by the respective companies, and no user action is required. CISA advises users to stay updated on security advisories and take necessary precautions to protect critical infrastructure systems and medical devices from potential cyber threats.