Today CISA’s NCCIC-ICS published six control system security Advisories for products from All Bachmann Electronic, Mitsubishi Electric (2), Delta Electronics, and Johnson Controls (2).
Bachmann Advisory - This advisory
describes a use of password hash with insufficient computational effort in the Bachmann
M-Base Controllers.
Mitsubishi Advisory #1 - This advisory describes
an improper restriction of XML external entity reference vulnerability in the
Mitsubishi Air Conditioning Systems.
Mitsubishi Advisory #2 - This advisory describes
an incorrect implementation of authentication algorithm in the Mitsubishi Air
Conditioning Systems.
Delta Advisory - This advisory describes
an out-of-bounds read vulnerability in the Delta DOPSoft.
Johnson Controls Advisory #1 - This advisory describes
an improper input validation vulnerability in the Johnson Controls C-CURE 9000.
Johnson Controls Advisory #2 - This advisory describes an improper privilege management vulnerability in the Johnson Controls Facility Explorer SNC Series Supervisory Controller.
For a more detailed look at the advisories, see my article
at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/six-advisories-published
- subscription required.
Posts
No comments:
Post a Comment