Tuesday, May 18, 2021

1 Advisory and 5 Updates Published – 5-18-21

Today CISA’s NCCIC-ICS published one control system security advisory for products from Emerson. They also updated five advisories for products from Mitsubishi. 

Emerson Advisory

This advisory describes six vulnerabilities in the Emerson Rosemount X-STREAM Gas Analyzer. The vulnerabilities are self-reported. Emerson has a firmware update that mitigates the vulnerability.

NCCIC-ICS reports that a relatively low-skilled attacker can remotely exploit these vulnerabilities to allow an attacker to obtain sensitive information, modify configuration, or affect the availability of the device.

Multiple Products Update

This update provides additional information on an advisory that was originally published on September 1st, 2020 and most recently updated January 26th, 2021. The new information includes updating affected versions and providing mitigation measures for:

• RJ71EN71,

• QJ71E71-100,

• LJ71E71-100,

• QJ71MT91,

• NZ2GACP620-60,

• NZ2GACP620-300, and

• GT25-J71GN13-T2

MELSEC iQ-R Series Update #1

This update provides additional information on an advisory that was originally reported on October 8th, 2020 and most recently updated on February 18th, 2021. The new information includes:

• Adding R08/16/32/120PSFCPU to the list of affected products, and

• Updating affected version numbers and adding mitigation measures for R16/32/64MTCPU.

MELSEC iQ-R, Q and L Series Update

This update provides additional information on an advisory that was originally published on October 29th, 2020. The new information includes:

• Deleting R 08/16/32/120 PSFCPU from the list of affected products, and

• Updating affected version numbers and adding mitigation measures for R 08/16/32/120 PCPU.

MELSEC iQ-R Series Update #2

This update provides additional information on an advisory that was originally published on November 19th, 2020. The new information includes updating affected version information and adding mitigation measures for:

• R08/16/32/120 PCPU, and

• R08/16/32/120PSFCPU

MELFA Update

This update provides additional information on an advisory that was originally published on January 21st, 2021. The new information includes:

• Modifying the description of “Countermeasures”, and

  • Adding the IP filter function to “Mitigations”. 

Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
 
/* Use this with templates/template-twocol.html */