The security holes, identified by a researcher who uses the online moniker “kimiya,” were discovered in the Tellus Lite V-Simulator and V-Server Lite products, which are used worldwide to remotely monitor and operate factories. Versions prior to 220.127.116.11 are affected.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday published an advisory to inform organizations about the flaws and the availability of fixes.
The vulnerabilities include various memory-related issues that can be exploited for DoS attacks, arbitrary code execution, or to obtain potentially sensitive information. A high severity rating has been assigned to each of the flaws.