The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published eight Industrial Control Systems (ICS) advisories warning of critical flaws affecting products from Hitachi Energy, mySCADA Technologies, Industrial Control Links, and Nexx.
Topping the list is CVE-2022-3682 (CVSS score: 9.9), a flaw in Hitachi Energy’s MicroSCADA System Data Manager SDM600 that could allow an attacker to take remote control of the product.
The flaw stems from an issue with file permission validation, thereby permitting an adversary to upload a specially crafted message to the system, leading to arbitrary code execution.