The US Cybersecurity and Infrastructure Security Agency (CISA) has published three separate industrial control system (ICS) advisories. The vulnerabilities affect ETIC Telecom remote Access Server, Nokia ASIK AirScale System Module, and Delta Industrial Automation DIALink.
- Updates to the affected ETIC and DIALink products have been published. Implement mitigations from Nokia until a fix is released. Also make sure that you’re properly segmenting these systems, allowing only vetted users and systems to access them. Don’t enable direct access from the Internet: use a secure VPN, and possibly a bastion host. Make sure that entry points require MFA where possible; don’t get undone after implementing layered defenses by a credential compromise.
Read more in