Thursday, April 8, 2021

1 Advisory and 1 Update Published – 4-8-21

Today the CISA NCCIC-ICS published a control system security advisory for products from FATEK Automation and updated a medical device security advisory for products from Medtronic.

FATEK Advisory

This advisory describes an integer underflow vulnerability in the FATEK WinProladder PLC. The vulnerability was reported by Francis Provencher via the Zero Day Initiative. NCCIC-ICS reports that FATEK is working on mitigation measures.

NCCIC-ICS reports that an uncharacterized attacker with uncharacterized access could exploit the vulnerability to cause execution of arbitrary code.

NOTE: I briefly described this vulnerability on March 13th, 2020.

Medtronic Update

This update provides additional information on an advisory that was originally published on March 21st, 2019 and most recently updated on June 4th, 2020. The new information includes an announcement that updates are available for:

• Protecta™ Cardiac Resynchronization Therapy Defibrillator (CRT-D), and

• Implanted Cardiac Defibrillator (ICD), all models
