
Researchers Spot Surge in Erlang/OTP SSH RCE Exploits, 70% Target OT Firewalls

High
Published: Mon Aug 11 2025 (08/11/2025, 20:34:00 UTC)
Source: Reddit InfoSec News

Description

Researchers Spot Surge in Erlang/OTP SSH RCE Exploits, 70% Target OT Firewalls Source: https://thehackernews.com/2025/08/researchers-spot-surge-in-erlangotp-ssh.html

AI-Powered Analysis

Last updated: 08/11/2025, 20:48:05 UTC

Technical Analysis

A recent surge in remote code execution (RCE) exploits targeting Erlang/OTP SSH implementations has been observed by security researchers. Erlang/OTP is a widely used platform for building concurrent, distributed, and fault-tolerant applications, including critical infrastructure components. The vulnerability allows attackers to execute arbitrary code remotely via the SSH service, which is a common protocol for secure remote administration. Notably, approximately 70% of these exploit attempts are focused on operational technology (OT) firewalls, which are specialized security devices protecting industrial control systems (ICS) and critical infrastructure networks. The lack of specific affected versions and absence of publicly available patches suggest that the vulnerability may be either newly discovered or under active investigation. Although no known exploits in the wild have been confirmed yet, the high-priority classification and the targeting of OT firewalls indicate a significant risk to critical infrastructure environments. The minimal discussion level and low Reddit score imply that this threat is emerging and may not yet be widely recognized or mitigated. The exploitation vector likely involves unauthenticated remote access via SSH, enabling attackers to bypass authentication or leverage flaws in the Erlang/OTP SSH implementation to gain full control over targeted devices. This could lead to unauthorized access, manipulation, or disruption of critical network components, especially within industrial environments where OT firewalls are deployed.

Potential Impact

For European organizations, the impact of this threat is substantial, particularly for those operating critical infrastructure sectors such as energy, manufacturing, transportation, and utilities that rely on OT firewalls for network segmentation and protection. Successful exploitation could lead to unauthorized control over firewall devices, allowing attackers to manipulate network traffic, disable security controls, or pivot deeper into industrial networks. This compromises the confidentiality, integrity, and availability of critical systems, potentially causing operational disruptions, safety hazards, and significant economic damage. Given the increasing integration of IT and OT environments in Europe, a breach in OT firewalls could facilitate large-scale attacks on industrial processes, leading to cascading effects across supply chains and essential services. Furthermore, regulatory frameworks such as the NIS2 Directive emphasize the protection of critical infrastructure, meaning affected organizations could face legal and compliance repercussions if vulnerabilities are exploited. The threat also raises concerns about nation-state or advanced persistent threat (APT) actors targeting European industrial assets for espionage or sabotage.

Mitigation Recommendations

European organizations should prioritize immediate risk assessment of their Erlang/OTP SSH implementations, especially within OT firewall devices. Since no patches are currently available, organizations should implement compensating controls such as network segmentation to isolate OT firewalls from less trusted networks and restrict SSH access to trusted management hosts only. Employing strict access control lists (ACLs), multi-factor authentication (MFA) for remote access, and continuous monitoring of SSH logs for anomalous activities is critical. Organizations should also engage with vendors to obtain timely updates or workarounds and consider deploying intrusion detection/prevention systems (IDS/IPS) tuned to detect exploitation attempts targeting Erlang/OTP SSH vulnerabilities. Conducting penetration testing and vulnerability scanning focused on OT firewall SSH services can help identify exposure. Additionally, incident response plans should be updated to address potential RCE incidents in OT environments, ensuring rapid containment and recovery. Collaboration with national cybersecurity agencies and sharing threat intelligence within industry-specific Information Sharing and Analysis Centers (ISACs) will enhance collective defense.


Technical Details

Source Type: reddit
Subreddit: InfoSecNews
Reddit Score: 1
Discussion Level: minimal
Content Source: reddit_link_post
Domain: thehackernews.com
Newsworthiness Assessment: {"score":58.1,"reasons":["external_link","trusted_domain","newsworthy_keywords:exploit,rce","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":["exploit","rce"],"foundNonNewsworthy":[]}
Has External Source: true
Trusted Domain: true

Threat ID: 689a56f3ad5a09ad0028eecb

Added to database: 8/11/2025, 8:47:47 PM

Last enriched: 8/11/2025, 8:48:05 PM

Last updated: 8/11/2025, 10:29:19 PM

Views: 3
