June 19, 2024 at 07:21AM
CISA issued an advisory regarding a high-severity vulnerability in an old industrial switch made by RAD Data Communications. An exploit targeting the vulnerability was found, posing a risk to industrial systems. The impacted product is used globally, and CISA recommended upgrading to a newer model to mitigate the risk.
Based on the meeting notes, the key takeaways are:
– The US cybersecurity agency CISA has released an advisory about a high-severity vulnerability in an outdated industrial switch produced by RAD Data Communications.
– The vulnerability, tracked as CVE-2019-6268, involves a path traversal flaw in RAD’s SecFlow-2 ruggedized switch/router, allowing unauthorized access to sensitive files, including password hashes.
– RAD Data Communications has reached end of life (EOL) for the affected product and advised customers to upgrade to the newer SecFlow-1p industrial IoT gateway.
– CISA has provided general recommendations to mitigate the risk of malicious exploitation and noted that the impacted product is used globally in the communications sector.
If you need any further information or details on this, feel free to ask.