CP
cyberpings
VulnerabilitiesHIGH

Critical Flaws in Hikvision and Rockwell Products Exposed!

THThe Hacker News17h ago2 min read
CISAHikvisionRockwell AutomationCVE-2017-7921
🎯

Basically, two serious security holes in popular devices are being actively exploited by hackers.

Quick Summary

CISA has flagged critical vulnerabilities in Hikvision and Rockwell Automation products. Users face risks of unauthorized access and potential data breaches. Immediate software updates and security reviews are necessary to protect against these threats.

What Happened

A major cybersecurity alert has been issued as the U.S. Cybersecurity and Infrastructure Security Agency (CISA?) added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. This action highlights the urgency of addressing these flaws, which have been confirmed to be actively exploited in the wild. Both vulnerabilities have a CVSS score of 9.8, indicating their severity and the potential impact on users.

The vulnerabilities affect products from Hikvision, a well-known manufacturer of video surveillance equipment, and Rockwell Automation, a leader in industrial automation. The specific vulnerabilities include CVE-2017-7921?, which involves improper authentication?. This means that unauthorized users could gain access to systems that should be secure, putting sensitive information and operations at risk.

Why Should You Care

If you use Hikvision or Rockwell Automation products, this news is particularly concerning. Imagine leaving your front door unlocked; that's what these vulnerabilities do for your security systems. Hackers could exploit these flaws to access your cameras or control your industrial processes, leading to potential data breaches or operational disruptions.

Even if you don't directly use these products, the implications are broad. Many businesses rely on interconnected systems, and a breach in one area can lead to vulnerabilities in others. This situation serves as a reminder to regularly update and patch your systems to protect against such threats. Stay vigilant and proactive!

What's Being Done

CISA? is urging all users of affected Hikvision and Rockwell Automation products to take immediate action. Here are some steps you should consider:

  • Update your software to the latest version provided by the manufacturers.
  • Review your security settings to ensure they are configured correctly.
  • Monitor your systems for any unusual activity that may indicate exploitation.

Experts are closely watching for any new attacks exploiting these vulnerabilities, so staying informed is crucial. The cybersecurity landscape is always evolving, and being proactive can safeguard your assets.

💡 Tap dotted terms for explanations

🔒 Pro insight: The high CVSS score indicates a significant risk, and organizations must prioritize patching to mitigate potential exploitation.

Original article from

The Hacker News

Read Full Article

Share

Related Pings

HIGHVulnerabilities

HttpOnly Cookies at Risk from New 'Cookie Sandwich' Technique

A new technique called 'cookie sandwich' can steal secure cookies from websites. This affects users relying on HttpOnly flags for protection. Stay informed and ensure your online security measures are up to date.

PortSwigger Research·41m ago·2m
HIGHVulnerabilities

Exploitation Alert: Gladinet Vulnerability Targets Cryptography

A vulnerability in Gladinet's CentreStack and Triofox software is being actively exploited. Users are at risk of data breaches due to hardcoded cryptographic keys. Gladinet is working on a fix, but immediate action is needed to secure your systems.

Huntress Blog·41m ago·2m
HIGHVulnerabilities

XSS Vulnerability Found in RPi-Jukebox-RFID 2.8.0

A serious XSS vulnerability has been found in RPi-Jukebox-RFID 2.8.0. Users are at risk of attackers injecting harmful scripts. Update your software immediately to protect your device and data.

Exploit-DB·41m ago·2m
HIGHVulnerabilities

Hacked Construction Apps Threaten Jobsite Security

Hacked construction apps are exposing job sites to security risks. This affects contractors and workers alike, leading to potential project delays and safety issues. Stay updated on software patches and security measures to protect your projects.

Huntress Blog·41m ago·2m
HIGHVulnerabilities

URL Validation Bypass Cheat Sheet Gets Powerful New Payloads

A new update to the URL Validation Bypass Cheat Sheet introduces powerful payloads for web security experts. This matters because weak URL validations can lead to serious security breaches. Stay informed and protect your online activities!

PortSwigger Research·41m ago·2m
HIGHVulnerabilities

Windows 10 Faces Spoofing Vulnerability Risk

A spoofing vulnerability has been found in Windows 10 version 10.0.17763.7009. This flaw could allow attackers to impersonate legitimate users, risking your sensitive information. Microsoft is working on a patch, so stay alert and update your system when available.

Exploit-DB·41m ago·2m