The vendor has released a patch for this issue. If you are running a version of the software listed above, you should update as soon as possible. There is no known workaround at this time. Mitigate risk We advise customers to consider the following precautions to prevent the risk associated with this issue: - Restrict network access to devices as much as possible. Be particularly careful with remote access. Vulnerable HMI devices are typically targeted for remote exploitation. - Do not open unsolicited connections to remote hosts or services. Doing so could put your system at risk. - Do not accept connections from IP addresses if possible. An attacker can spoof an IP address to make it look like it originates from a trusted source. - Regularly monitor your systems for signs of inbound or outbound connection attempts. - If a Vulnerable HMI device is accessible from the outside network, change the default administrative credentials from remote if possible. - Do not use public or shared service accounts for administrative purposes. Doing so leaves the system vulnerable to remote exploitation.
Summary
The vendor has released a patch for this issue. If you are running a version of the software listed above, you should update as soon as possible. There is no known workaround at this time. Mitigate risk
Summary
The vendor has released a patch for this issue. If you are running a version of the software listed above, you should update as soon as possible. There is no known workaround at this time. Mitigate risk We advise customers to consider the following precautions to prevent the risk associated with this issue: - Restrict network access to devices as much as possible. Be particularly careful with remote access. Vulnerable HMI devices are typically targeted for remote exploitation. - Do not open unsolicited connections to remote hosts or services. Doing so could put your system at risk. - Do not accept connections from IP addresses if possible. An attacker can spoof an IP address to make it look like it originates from a trusted source. - Regularly monitor your systems for signs of inbound or outbound connection attempts.
Timeline
Published on: 10/11/2022 11:15:00 UTC
Last modified on: 10/14/2022 17:07:00 UTC