You are here

Fazecast jSerialComm (ICSA-20-126-01)

Fazecast jSerialComm (ICSA-20-126-01)

Created: Tuesday, May 5, 2020 - 13:58
Categories:
Cybersecurity

CISA has published an advisory on an uncontrolled search path element vulnerability in Fazecast jSerialComm. Versions 2.2.2 and prior of jSerialComm and versions 1.5.x, 1.6.x, and 1.7.x of EcoStruxure IT Gateway are affected. Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code on a targeted system. Fazecast recommends users update jSerialComm to Version 2.3 or later. Schneider Electric recommends users upgrade EcoStruxure IT Gateway to Version 1.8.1 or later. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.