Today CISA’s NCCIC-ICS published six control system security
advisories for products from Claroty, Aveva, JTEKT, Panasonic and Johnson
Controls (2).
Claroty Advisory - This advisory
describes an authentication bypass using an alternative path or channel
vulnerability in the Claroty Secure Remote Access Site.
Aveva Advisory - This advisory
describes two vulnerabilities in the Aveva System Platform. The vulnerability
was reported by Sharon Brizinov of Claroty.
JTEKT Advisory - This advisory
describes an improper restriction of operations within the bounds of a memory
buffer vulnerability in the JTEKT TOYOPUC PLCs.
Panasonic Advisory - This advisory
describes an improper restriction of XML external entity reference vulnerability
in the Panasonic FPWIN Pro programming control software.
exacqVision Advisory #1 - This advisory
describes a cross-site scripting vulnerability in the Johnson Controls exacqVision
Enterprise Manager.
exacqVision Advisory #2 - This advisory describes a cross-site scripting vulnerability in the Johnson Controls exacqVision Web Service.
For more detailed information on these advisories, see my
article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-published
- subscription required.