This week we have two vendor disclosures from Phoenix Contact
and CODESYS and an update from Rockwell.
Phoenix Contact Advisory
Phoenix Contact published an
advisory [.PDF download link] describing an improper path sanitation
vulnerability in the import of project files in their PLCnext Engineer. The
vulnerability was reported by Amir Preminger of Claroty. Phoenix Contact has a
new version that mitigates the vulnerability.
CODESYS Advisory
CODESYS published an
advisory [.PDF download link] describing an uncontrolled memory allocation
vulnerability in their CODESYS V3 Visualization product. The vulnerability was reported
by Tenable. The Tenable report includes proof-of-concept code. CODESYS has a new
version that mitigates the vulnerability.
Rockwell Update
Rockwell published an
update for their FactoryTalk View SE advisory that was originally
published on June 18th, 2020. The new information includes updated
guidance in light of public scripts. NCCIC-ICS should update their advisory
next week.