Review - 3 Advisories Published – 9-2-21

Today CISA’s NCCIC-ICS published three control system security advisories for products from Advantech, JTEKT, and Johnson Controls.

Advantech Advisory - This advisory describes a stack-based buffer overflow vulnerability in the Advantech WebAccess HMI platform.

JTEKT Advisory - This advisory describes an allocation of resources without limits or throttling vulnerability in the JTEKT TOYOPUC PLCs.

Johnson Controls - This advisory describes an off-by-one error vulnerability in the Johnson Controls (Sensormatic subsidiary) Illustra camera systems.

For more details about the advisories, including links to published exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/3-advisories-published-9-2-21 - subscription required.