Saturday, June 5, 2021

Review Public ICS Disclosures – Week of 5-28-21

This week we have six vendor disclosures from Aveva, Johnson Controls, QNAP (3), Yokogawa. There is one vendor update from Medtronic. There are also six researcher disclosures for products from Aveva (3), Korenix Technology (also affects Westermo and PEPPERL+FUCHS products), Mesa Labs, Bosch (2) and CHIYU. Finally, we have an exploit for products from VMware.

Two of the vendor advisories and the update should be addressed by NCCIC-ICS this coming week.

The Korenix, Mesa Labs, and CHIYU reports contain proof-of-concept exploit code.

The Korenix report also affects products from Westermo and PEPPERL+FUCHS, though the later had previously published an advisory on the vulnerabilities.

For more details on the disclosures see my report at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-b78 (Subscription Required).


No comments:

 
/* Use this with templates/template-twocol.html */