Cybersecurity researchers have discovered critical vulnerabilities in industrial VPN implementations. Vulnerable products are widely used in field-based industries such as oil and gas, water utilities, and electric utilities to remotely access, maintain and monitor ICS and field devices. Successful exploitation of these vulnerabilities can give an unauthenticated attacker direct access to the ICS devices and potentially cause some physical damage. The vendors were notified of the vulnerabilities and responded quickly to release security fixes that patch their products’ loopholes. All three vendors are recommended to update their products to the newly released GateManager versions 9.2c, Moxa EDR-G902/3 to.
Source: https://thehackernews.com/2020/07/industrial-vpn-security.html