Yesterday CISA’s NCCIC-ICS updated five control system security advisories for products from Mitsubishi, Yokogawa, Johnson Controls, ARC and PTC.
Mitsubishi Update
This update provides additional information on an advisory that was originally published on July 30th, 2020. The new information includes updating affected version information and mitigation measures for GT SoxGOT1000 Version3.
Yokogawa Update
This update provides additional information on an advisory that was originally published on August 11th, 2020. The new information includes adding Exaopc to the list of affected products and providing mitigation measures for that product.
NOTE: I briefly mentioned Yokogawa’s update that was the basis for this update back in early December.
Johnson Controls Update
This update provides additional information on an advisory that was originally published on October 8th, 2020. The new information includes adding the Software House C•CURE Web Client to the list of affected products and providing mitigation measures for that product.
NOTE: Looking at the Johnson Control’s advisory, it looks like NCCIC-ICS updated the wrong advisory. It should have been ICSA-20-324-01 that was published on November 17th, 2020. Similar vulnerabilities were involved but the CVE number was different (CVE-2020-9049 not CVE-2020-9048).
ARC Update
This update provides additional information on an advisory that was originally published on November 3rd, 2020. The new information includes additional mitigation measures for Version 12 (12.0.17 Maintenance Release) and Version 11.2 (11.2.06097 Update).
PTC Update
This update provides additional information on an advisory that was originally published on December 17th, 2020. The new information includes updated affected version information and mitigation measures for Rockwell Automation KEPServer Enterprise.
NOTE: This information was available in the Rockwell advisory
that was published on December 17th, 2020.
No comments:
Post a Comment