Festo has identified a vulnerability in its MSE6 product-family that could allow remote attackers to exploit hidden functions, risking confidentiality, integrity, and availability. Mitigation strategies include network isolation and secure remote access practices. #Festo #CVE-2023-3634
Keypoints
- A security flaw exists in Festoβs MSE6 control systems allowing remote exploitation of undocumented test functions.
- The vulnerability has a CVSS score of 8.8, indicating high severity and ease of remote exploitation with low privileges.
- All versions of several MSE6 models are affected by this hidden functionality issue.
- Festo has released updates to the user documentation and recommends network isolation and secure remote methods.
- Organizations should perform risk assessments, apply mitigation strategies, and monitor for malicious activity.
Read More: https://www.cisa.gov/news-events/ics-advisories/icsa-25-324-04