Tuesday, August 17, 2021

Review – 3 Advisories and 1 Update Published – 8-17-21

Today CISA’s NCCIC-ICS published three control system security advisories for products from xArrow, Advantech, and ThroughTek. They also updated an advisory for multiple RTOS products.

xArrow Advisory - This advisory describes three vulnerabilities in the xArrow SCADA/HMI.

Advantech Advisory - This advisory describes an improper authentication vulnerability in the Advantech WebAccess network management system (NMS).

ThroughTek Advisory - This advisory describes an improper access control vulnerability in their Kalay P2P software development kit (SDK).

Multiple RTOS Update - This update provides additional information for an advisory that was originally published on April 29th, 2021 and most recently updated on May 20th, 2021.

NOTE: CISA’s National Cyber Awareness System (NCAS) published a separate advisory for the BlackBerry BadAlloc vulnerabilities covered in this Update.

 

For more details about these advisories, including links to proof-of-concept code and plenty of editorial notes, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/3-advisories-and-1-update-published - subscription required.
