Tuesday, August 17, 2021

Review – 3 Advisories and 1 Update Published – 8-17-21

 Today CISA’s NCCIC-ICS published three control system security advisories for products from xArrow, Advantech, and ThroughTek. They also updated an advisory for products for multiple RTOS.

xArrow Advisory - This advisory describes three vulnerabilities in the xArrow SCADA/HMI.

Advantech Advisory - This advisory describes an improper authentication vulnerability in the Advantech WebAccess network management system (NMS).

ThroughTek Advisory - This advisory describes an improper access control vulnerability in their Kalay P2P software development kit (SDK).

Multiple RTOS Update - This update provides additional information for an advisory that was originally published on April 29th, 2021 and most recently updated on May 20th, 2021.

NOTE: CISA’s National Cyber Awareness System (NCAS) published a separate advisory for the BlackBerry BadAlloc vulnerabilities covered in this Update.


For more details about these advisories, including links to proof-of-concept code and plenty of editorial notes, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/3-advisories-and-1-update-published - subscription required.

No comments:

/* Use this with templates/template-twocol.html */