ICSA-23-082-06 · Published 2024-02-08 · View on CISA ICS-CERT ↗

ProPump and Controls Osprey Pump Controller (Update A)

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access, retrieve sensitive information, modify data, cause a denial-of-service, and/or gain administrative control.

CVEs (9)

CVE-2023-28395 CVE-2023-28375 CVE-2023-28654 CVE-2023-27886 CVE-2023-27394 CVE-2023-28648 CVE-2023-28398 CVE-2023-28718 CVE-2023-28712

Remediations

ProPump and Controls has released version 20230518 of their product and recommends updating to this version or later. ProPump and Controls has reported the update has fixed the reported vulnerabilities. Users are encouraged to contact ProPump and Controls representative for assistance in ensuring they are up to date with the latest release. No user-initiated update process is available.

Affected Vendors

ProPump and Controls, Inc.

Affected Products (1)

ProPump and Controls, Inc. · Osprey Pump Controller <20230518.

Affected Sectors

Multiple

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more