The Cybersecurity and Infrastructure Security Agency (CISA) recently released 16 Industrial Control Systems (ICS) advisories with information about current security issues, vulnerabilities, and exploits. The most recent batch included:
CISA also partnered with Cisco to announce security updates to address ArcaneDoor — an exploitation of Cisco Adaptive Security Appliances (ASA) devices and Cisco Firepower Threat Defense (FTD) software:
More specifically, the update addressed how threat actors could exploit vulnerabilities (CVE-2024-20353, CVE-2024-20359, CVE-2024-20358) to take control of an affected system. Cisco also reported active exploitation of CVE 2024-20353 and CVE-2024-20359 and CISA has added these vulnerabilities to its Known Exploited Vulnerabilities Catalog.