CISA Warns of PoC Exploit for Vulnerability in RAD SecFlow-2 Industrial Switch

CISA has notified RAD after finding a PoC exploit targeting a high-severity vulnerability in an outdated industrial switch.

The US cybersecurity agency CISA on Tuesday released an ICS advisory to notify organizations about a high-severity vulnerability found in an outdated industrial switch made by Israel-based networking equipment manufacturer RAD Data Communications.

The agency recently discovered a publicly available proof-of-concept (PoC) exploit targeting a path traversal vulnerability in RAD’s SecFlow-2 ruggedized switch/router, which is designed for harsh industrial environments.

The flaw has been assigned the identifier CVE-2019-6268, but no information appears to have been publicly available until early March 2024, when someone released technical details and a PoC on the Packet Storm website.

“RAD SecFlow-2 devices with hardware 0202, firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for directory traversal, as demonstrated by reading /etc/shadow,” reads the description posted on Packet Storm for CVE-2019-6268.

It adds, “[An] unauthorized attacker can create a crafted request to obtain any file from the operating system (password hashes).”

Vulnerabilities related to the exposure of passwords can pose a significant risk to ICS and other OT systems. SecurityWeek recently spoke to multiple experts about the prevalence of such flaws and their potential impact.

CISA informed RAD about the vulnerability after finding the PoC, but the SecFlow-2 product has reached end of life (EOL) and the vendor has advised customers to upgrade their devices to the newer SecFlow-1p industrial IoT gateway.

In addition, the cybersecurity agency has provided some general recommendations to reduce the risk of malicious exploitation. 

CISA says the impacted product is used worldwide in the communications sector.

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
