Today CISA’s NCCIC-ICS published one control system security advisory for products from Emerson. They also updated five advisories for products from Mitsubishi.
Emerson Advisory
This advisory describes six vulnerabilities in the Emerson Rosemount X-STREAM Gas Analyzer. The vulnerabilities are self-reported. Emerson has a firmware update that mitigates the vulnerability.
NCCIC-ICS reports that a relatively low-skilled attacker can remotely exploit these vulnerabilities to allow an attacker to obtain sensitive information, modify configuration, or affect the availability of the device.
Multiple Products Update
This update provides additional information on an advisory that was originally published on September 1st, 2020 and most recently updated January 26th, 2021. The new information includes updating affected versions and providing mitigation measures for:
• RJ71EN71,
• QJ71E71-100,
• LJ71E71-100,
• QJ71MT91,
• NZ2GACP620-60,
• NZ2GACP620-300, and
• GT25-J71GN13-T2
MELSEC iQ-R Series Update #1
This update provides additional information on an advisory that was originally reported on October 8th, 2020 and most recently updated on February 18th, 2021. The new information includes:
• Adding R08/16/32/120PSFCPU to the
list of affected products, and
• Updating affected version numbers and adding mitigation measures for R16/32/64MTCPU.
MELSEC iQ-R, Q and L Series Update
This update provides additional information on an advisory that was originally published on October 29th, 2020. The new information includes:
• Deleting R 08/16/32/120 PSFCPU from
the list of affected products, and
• Updating affected version numbers and adding mitigation measures for R 08/16/32/120 PCPU.
MELSEC iQ-R Series Update #2
This update provides additional information on an advisory that was originally published on November 19th, 2020. The new information includes updating affected version information and adding mitigation measures for:
• R08/16/32/120 PCPU, and
• R08/16/32/120PSFCPU
MELFA Update
This update provides additional information on an advisory that was originally published on January 21st, 2021. The new information includes:
• Modifying the description of
“Countermeasures”, and
• Adding the IP filter function to “Mitigations”.
No comments:
Post a Comment