Thursday, November 12, 2020

2 Advisories Published – 11-12-20

Today the CISA NCCIC-ICS published one control system security advisory for products from Mitsubishi and one medical device security advisory for products from BD.

Mitsubishi Advisory

This advisory describes an uncontrolled resource consumption vulnerability in the Mitsubishi MELSEC iQ-R series CPU modules. The vulnerability was reported by Xiaofei.Zhang of China ICS-CERT. Mitsubishi has new firmware versions that mitigate the vulnerability. There is no indication that Xiaofei has been provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that an uncharacterized attacker could remotely exploit the vulnerability to cause a denial-of-service condition for the affected products.

BD Advisory

This advisory describes an improper authentication vulnerability in the BD Alaris 8015 PC Unit and BD Alaris Systems Manager. The vulnerability was reported by Medigate. BD has versions that mitigate the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability to cause a drop in the wireless capability of the Alaris PC Unit. According to the BD advisory, the attacker “would need access to the customer's wireless network”.

NOTE: NCCIC-ICS did not provide a link to the BD advisory.
