CyberSecurityBoard
Sponsor Register Login

Franklin Electric Fueling Systems Colibri

RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker to obtain login credentials for other users. The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users. CVE-2023-5885 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is. MITIGATIONS. Franklin Electric Fueling Systems determined that the vulnerability only affects the Colibri product which has not been sold since 2020 and does not affect the current EVO product lines. They created a firmware update for Colibri to address the issue. Users can download the update at from the Franklin Electric website. Franklin Electric is working with distributors to make sure all known users are aware that the update is available for installation. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as virtual private networks, recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa. Gov/ics in the technical information paper, ICS-TIP-12-146-01B-Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

This Cyber News was published on www.cisa.gov. Publication date: Thu, 30 Nov 2023 21:55:05 +0000


Cyber News related to Franklin Electric Fueling Systems Colibri

Franklin Electric Fueling Systems Colibri - RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker to obtain login credentials for other users. The discontinued FFS Colibri product allows a remote user to access files on the system including files containing ...
7 months ago Cisa.gov
CVE-2022-25155 - Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series ...
10 months ago
CVE-2022-25157 - Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series ...
10 months ago
CVE-2022-25158 - Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all ...
2 years ago
CVE-2022-25156 - Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric ...
10 months ago
CVE-2021-20609 - Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, ...
1 year ago
CVE-2021-20610 - Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions ...
1 year ago
CVE-2021-20611 - Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, ...
1 year ago
CVE-2022-25159 - Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, ...
2 years ago
CVE-2022-25160 - Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all ...
2 years ago
CVE-2022-40267 - Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x32,64,80, yT,R, zES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi ...
1 year ago
Energy giant Schneider Electric hit by Cactus ransomware attack - Energy management and automation giant Schneider Electric suffered a Cactus ransomware attack leading to the theft of corporate data, according to people familiar with the matter. BleepingComputer has learned that the ransomware attack hit the ...
5 months ago Bleepingcomputer.com
CVE-2022-24946 - Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V firmware versions "16" and prior, Mitsubishi Electric MELSEC-Q Series Q03UDECPU the first 5 digits of serial No. "24061" and prior, Mitsubishi ...
1 year ago
The Embedded Systems and The Internet of Things - The Internet of Things is a quite new concept dealing with the devices being connected to each other and communicating through the web environment. This concept is gaining its popularity amongst the embedded systems that exist - let's say - 10 or ...
6 months ago Cyberdefensemagazine.com
IT and OT cybersecurity: A holistic approach - In comparison, OT refers to the specialized systems that control physical processes and industrial operations. OT Technologies include industrial control systems, SCADA systems and programmable logic controllers that directly control physical ...
5 months ago Securityintelligence.com
CVE-2022-25161 - Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x32,64,80, yT,R, zES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric Mitsubishi Electric MELSEC iQ-F series ...
2 years ago
CVE-2022-25162 - Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x32,64,80, yT,R, zES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric Mitsubishi Electric MELSEC iQ-F series ...
2 years ago
Franklin Fueling System EVO 550/5000 - RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker to read arbitrary files on the system. Franklin Fueling System EVO 550 and EVO 5000 are vulnerable to a Path Traversal vulnerability that could allow an attacker ...
3 months ago Cisa.gov
Creating a New Market for Post-Quantum Cryptography - A day in the busy life of any systems integrator includes many actions that revolve around the lifeblood of its business - its customers. Systems integrators help solve evolving customer business challenges, which in turn adds partner value. It's a ...
6 months ago Securityboulevard.com
The many ways electric cars are vulnerable to hacks, and whether that matters in a real-world - While I don't own a Tesla, I am now more invested in following the various ways attackers can take advantage of the connectivity of electric cars. They're all Wi-Fi connected so drivers can control the charging speed and timing of their cars, monitor ...
5 months ago Blog.talosintelligence.com
Find the Best Home Security System for your Home - Finding the best home security system for your home can be a daunting prospect. From choosing the right equipment to finding a trusted provider, there are many considerations that go into your decision-making process. Fortunately, there are some ...
1 year ago Zdnet.com
Tesla Expands Market Share Lead In Norway - Tesla expands top Norwary market share to 20 percent of new cars, even as it loses position as biggest EV seller worldwide to China's BYD. Tesla has expanded its leading share of Norways' electric vehicle market as the oil-producing country seeks to ...
6 months ago Silicon.co.uk
CVE-2021-46417 - Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580. ...
2 years ago
Cisco and Schneider Electric Are Creating Smarter, More Efficient Buildings - Whether your organization owns commercial property, leases it, or manages it, you're likely to be grappling with industry trends and challenges that call on your best efforts-and the innovative application of technology. The need to reduce energy ...
5 months ago Feedpress.me
Fuji Electric Tellus Lite V-Simulator - RISK EVALUATION. Successful exploitation of these vulnerabilities could crash the device being accessed, allow remote code execution, or overwrite files. Stack-based buffer overflow may occur when Fuji Electric Tellus Lite V-Simulator parses a ...
7 months ago Cisa.gov

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)