Today CISA’s NCCIC-ICS updated two control system security advisories for products from Open Design Alliance and multiple RTOS vendors.
ODA Update
This update provides additional information on an advisory that was originally published on February 16th, 2021. The new information includes:
• Adding a new out-of-bounds write vulnerability, and
• Adding a new affected product that is only affected by the new vulnerability.
NOTE: I briefly described the new vulnerability last Saturday.
Multiple RTOS Update
This update provides additional information on the BadAlloc advisory that was originally published on April 29th, 2021. The new information includes adding:
• Four new integer overflow or wraparound vulnerabilities – CVE-2021-27411, CVE-2021-26706, CVE-2021-27407, and CVE-2020-13603,
• Two new affected products - Micrium uC/LIB and Zephyr Project RTOS, and
• Mitigation measures for the new products.
NOTE: I mentioned the possibility that there would be additional RTOS that were affected last Friday.