Thursday, May 6, 2021

2 Updates Published – 5-6-21

Today CISA’s NCCIC-ICS updated two control system security advisories for products from Open Design Alliance and multiple RTOS vendors.

ODA Update

This update provides additional information on an advisory that was originally published on February 16th, 2021. The new information includes:

• Adding a new out-of-bounds write vulnerability, and

• Adding a new affected product that is only affected by the new vulnerability.

NOTE: I briefly described the new vulnerability last Saturday.

Multiple RTOS Update

This update provides additional information on the BadAlloc advisory that was originally published on April 29th, 2021. The new information includes adding:

• Four new integer overflow or wraparound vulnerabilities – CVE-2021-27411, CVE-2021-26706, CVE-2021-27407, and CVE-2020-13603,

• Two new affected products – Micrium uC/LIB and Zephyr Project RTOS, and

• Mitigation measures for the new products.

NOTE: I mentioned the possibility that there would be additional RTOS that were affected last Friday.
