Today the CISA NCCIC-ICS published a control system security advisory for products from FATEK Automation and updated a medical device security advisory for products from Medtronic.
FATEK Advisory
This advisory describes an integer underflow vulnerability in the FATEK WinProladder PLC. The vulnerability was reported by Francis Provencher via the Zero Day Initiative. NCCIC-ICS reports that FATEK is working on mitigation measures.
NCCIC-ICS reports that an uncharacterized attacker with uncharacterized access could exploit the vulnerability to cause execution of arbitrary code.
NOTE: I briefly described this vulnerability on March 13th, 2020.
Medtronic Update
This update provides additional information on an advisory that was originally published on March 21st, 2019 and most recently updated on June 4th, 2020. The new information includes announcing that updates are available for:
• Protecta™ Cardiac
Resynchronization Therapy Defibrillator (CRT-D), and
• Implanted Cardiac Defibrillator
(ICD), all models
Posts
No comments:
Post a Comment