Today CISA's NCCIC-ICS published a control system security advisory for products from FATEK and a medical device security advisory for products from Philips.
FATEK Advisory
This advisory describes three vulnerabilities in the FATEK WinProladder. The vulnerabilities were reported by Michael Heinzl. FATEK is working on mitigation measures.
The three reported vulnerabilities are:
• Out-of-bounds read - CVE-2021-32990,
• Out-of-bounds write - CVE-2021-32988, and
• Improper restriction of operations within the bounds of a memory buffer - CVE-2021-32992
NCCIC-ICS reports that a relatively low-skilled attacker with uncharacterized access could exploit the vulnerabilities to execute arbitrary code.
Philips Advisory
This advisory describes a clear-text transmission of sensitive information vulnerability in the Philips Interoperability Solution XDS document sharing system. The vulnerability is self-reported. Philips provides generic mitigation measures.
NCCIC-ICS reports that an uncharacterized attacker could remotely exploit the vulnerability to read the LDAP system credentials by gaining access to the network channel used for communication. This risk applies to configurations using LDAP via TLS where the domain controller returns LDAP referrals.
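The advisory summary does not detail the mechanism, but a referral is a URI that the client follows on a fresh connection, so a defender's first check is whether the referrals a domain controller hands back would keep that second connection encrypted. The audit below is an added example, not code from Philips or the advisory; it assumes the exposure comes from a referral that points at a non-TLS endpoint, and the hostnames in the sample referrals are placeholders.

```python
"""Classify LDAP referral URIs by whether following them stays encrypted.

Added example; assumption: a referral to a plain ldap:// endpoint is
followed without TLS unless the client negotiates StartTLS itself.
"""
from urllib.parse import urlsplit


def referral_is_protected(uri: str, starttls_on_plain: bool = False) -> bool:
    """Return True if following this referral keeps the channel encrypted.

    ldaps:// is encrypted by the scheme itself. ldap:// is cleartext unless
    the client is configured to negotiate StartTLS on every new connection
    (starttls_on_plain). ldapi:// is a local Unix socket and never leaves
    the host. Anything else (unknown or missing scheme) is treated as
    unprotected so the audit fails closed.
    """
    scheme = urlsplit(uri.strip()).scheme.lower()
    if scheme in ("ldaps", "ldapi"):
        return True
    if scheme == "ldap":
        return starttls_on_plain
    return False


def audit_referrals(referrals, starttls_on_plain=False):
    """Return (uri, host) pairs for referrals that would downgrade to cleartext."""
    findings = []
    for uri in referrals:
        if not referral_is_protected(uri, starttls_on_plain):
            host = urlsplit(uri.strip()).hostname or "<unparseable>"
            findings.append((uri, host))
    return findings


# Constructed sample: referrals as a multi-domain forest's controller might
# return. Hostnames are placeholders, not real systems.
SAMPLE_REFERRALS = [
    "ldaps://dc1.child.example.test/DC=child,DC=example,DC=test",
    "ldap://dc2.child.example.test/DC=child,DC=example,DC=test",
    "LDAP://gc.example.test:3268/DC=example,DC=test",
    "ldapi:///",
]

if __name__ == "__main__":
    for uri, host in audit_referrals(SAMPLE_REFERRALS):
        print(f"cleartext referral to {host}: {uri}")
```

Run it against the referral URIs your own client logs after binding over TLS; any finding means the LDAP bind credentials could be re-sent over an unencrypted hop, which is the condition the advisory describes.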