ICSA-23-012-02 · Published 2023-01-12 · View on CISA ICS-CERT ↗

RONDS Equipment Predictive Maintenance Solution

CVSS 8.2 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow an unauthorized user to leak login credentials and download files. In some circumstances, an unauthorized user can use login credentials to achieve remote code execution.

CVEs (2)

CVE-2022-3091 CVE-2022-2893

Remediations

RONDS provides the software to users that purchase their products and recommends users upgrade the software to version 1.35.21.

Affected Vendors

RONDS

Affected Products (1)

RONDS · Equipment Predictive Maintenance (EPM) 1.19.5

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more