In this week’s Neeve Newsletter, CISA highlights critical vulnerabilities in industrial control systems, researchers uncover 1,000+ flaws in ABB building management products, and a single exposed IP reveals nearly 200 connected devices at risk.

This Week’s Cyber Insights

• 🦈 IP Scanning Reveals Hidden Device Risks

• 📢 CISA Warns of Critical ICS Risks

• 🔧 1,000 Vulnerabilities Found in ABB Systems

• 📰 Further Alerts & Insights

🦈 IP Scanning Reveals Hidden Device Risks

A single exposed device IP led to the discovery of 199 other vulnerable devices across multiple subnets.

• Tools like Shodan and Censys identified control system devices such as BACnet routers and Honeywell controllers.

• Misconfigured devices exposed 200+ ICS endpoints, including 34 security cameras and 10 remote access systems.

• Attackers could exploit these vulnerabilities to control HVAC systems, security points, and other critical systems.

🤔 The Bigger Picture:

The article underscores the ease with which attackers can uncover massive vulnerabilities from a single entry point. Organizations must regularly audit network configurations, restrict internet exposure of control devices, and monitor for unauthorized access.

Read the full article

📢 CISA Warns of Critical ICS Risks

CISA issued six advisories detailing vulnerabilities in industrial control systems (ICS) across industries.

• Issues include OS command injection, cleartext credentials, and firmware tampering in devices by Hitachi, Schneider Electric, and others.

• CVSS scores range up to 9.3, signaling potential for severe impacts like remote code execution and unauthorized access.

• Vendors recommend immediate firmware updates and strengthened access controls to mitigate risks.

🤔 The Bigger Picture:

ICS vulnerabilities can compromise critical infrastructure like energy, manufacturing, and transportation systems. Organizations must act promptly to apply patches and tighten security protocols to prevent exploitation. Early intervention is vital to safeguard operational continuity and sensitive data.

Read the full article

🔧 1,000 Vulnerabilities Found in ABB Systems

Researcher discovered 1,000+ vulnerabilities in ABB building management systems, including critical flaws like SQL injection and XSS.

• Exploits could enable remote control of building systems, exposing hospitals, stadiums, and airports to risks.

• ABB has patched the flaws but faced criticism for delayed responses and insufficient CVE assignments.

• Vulnerabilities stem from a 19-year-old codebase and years of inadequate security practices.

🤔 The Bigger Picture:

The widespread nature of these vulnerabilities highlights the long-term risks of outdated software. Regular security audits and proactive vendor oversight are critical to reducing systemic risks in critical infrastructure environments.

Read the full article

Further Alerts & Insights