The NOAA JPSS system is affected by thousands of vulnerabilities, according to a memorandum from the Department of Commerce’s Office of the Inspector General.
The satellite systems at NOAA (National Oceanic and Atmospheric Administration) are affected by thousands of severe vulnerabilities that threat actors could exploit.
“Our analysis of the JPSS program’s assessments of system vulnerabilities found that, since FY 2012, the number of high-risk vulnerabilities in the system had increased by two-thirds despite recent efforts the program has taken to remediate these vulnerabilities,” reports a memorandum from Allen Crawley, assistant inspector general for systems acquisition and IT security, to Kathryn Sullivan, under secretary of commerce for oceans and atmosphere and NOAA administrator.
“If exploited, these [high-risk] vulnerabilities may make it possible for attackers to significantly disrupt the JPSS mission of providing critical data used in weather forecasting and climate monitoring,” Crawley states in the memorandum.
- More than 9,100 instances of high-risk vulnerabilities identified by vulnerability scans, including (a) out-of-date software versions or missing security patches, (b) insecurely configured software, and (c) unnecessary user privileges within the operating systems and software.
- More than 3,600 instances where password and auditing settings need to be configured in accordance with JPSS policy.
- Unnecessary software applications that need to be removed or disabled.
- Three outstanding vulnerabilities identified by penetration testing conducted in June 2012.
(Security Affairs – NOAA satellite system, critical infrastructure)