Today CISA’s NCCIC-ICS published five control system security updates for products from Delta Electronics, LCDS, Geutebruck, Mitsubishi, and KUKA. They also updated five security advisories for products from Mitsubishi (2), AVEVA, Delta, and Schneider Electric.
Delta Advisory - This advisory
describes two vulnerabilities in the Delta DIAScreen software.
LCDS Advisory - This advisory
describes a cross-site scripting vulnerability in the LCDS LAquis SCADA.
Geutebruck Advisory - This advisory
describes twelve vulnerabilities in the Geutebruck G-Cam E2 cameras and G-Code encoders.
Mitsubishi Advisory - This advisory
describes a missing synchronization vulnerability in the Mitsubishi GOT2000
series and GT SoftGOT2000 when using the MODBUS/TCP Slave.
KUKA Advisory - This advisory
describes two use of hard-coded credentials vulnerabilities in the KUKA KR C4
controllers.
Mitsubishi Update #1 - This update
provides additional information on an advisory that was originally
published on July 30th, 2020 and most
recently updated on May 27th, 2021.
Mitsubishi Update #2 - This update
provides additional information on an advisory that was originally
published on April 22, 2021.
AVEVA Update - This update
provides additional information on an advisory that was originally published
on June 29th, 2021.
Delta Update - This update
provides additional information on an advisory that was originally
published on July 1st, 2021.
Schneider Update - This update provides additional information on an advisory that was originally published on July 13th, 2021.
For more details on these advisories and updates, including
links to proof-of-concept code, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/5-advisories-and-5-updates-published
- subscription required.
No comments:
Post a Comment