Today the CISA NCCIC-ICS published a control system advisory
for products from Omron. They also updated two previously published security
advisories for products from Omron and Interpeak (medical device advisory).
Omron Advisory
This advisory describes a use of obsolete function vulnerability in the Omron CX-Supervisor.
The vulnerability was reported by Michael DePlante of the Zero Day Initiative.
Omron has a new version that mitigates the vulnerability. There is no indication
that DePlante has been provided an opportunity to verify the efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit the vulnerability, resulting in information disclosure,
total compromise of the system, and system unavailability.
Omron Update
This update provides additional information on an advisory that was originally
published on May 14th, 2019. The new information includes the
announcement of a new version that mitigates the vulnerability.
Interpeak IPnet (medical device) Update
This update provides additional information on an advisory that was originally
published on October 1st, 2019 and last updated on October 10th. The new
information is the addition of Hillrom to the list of vendors that have also
released security advisories related to their affected products. Unfortunately,
the link provided takes one to a generic responsible disclosure page with no
mention of security advisories.