Tuesday, November 9, 2021

Review - 7 Advisories and 1 Update Published – 11-9-21

Today, CISA’s NCCIC-ICS published six control system security advisories for products from OSIsoft (2), mySCADA, Siemens, and Schneider (2). They also published one update for an advisory for products from Advantech and one medical device security advisory for products from Philips.

Siemens published 12 other advisories and 10 updates today. I expect that some of those may be addressed by NCCIC-ICS on Thursday. I will address any remaining advisories and updates this weekend.

Schneider published five other advisories and three updates today. It is unlikely that any will be addressed by NCCIC-ICS on Thursday. I will address any remaining advisories and updates this weekend.

OSIsoft Advisory #1 - This advisory describes a cross-site scripting vulnerability in the OSIsoft PI Web API.

OSIsoft Advisory #2 - This advisory describes two vulnerabilities in the OSIsoft PI Vision data management platform.

mySCADA Advisory - This advisory describes a relative path traversal vulnerability in the mySCADA myDESIGNER.

Siemens Advisory - This advisory describes 13 vulnerabilities in the Siemens Nucleus RTOS TCP/IP Stack.

Schneider Advisory #1 - This advisory describes three vulnerabilities in the Schneider GUIcon software.

Schneider Advisory #2 - This advisory describes six vulnerabilities in the Schneider Network Management Cards (NMC) and NMC Embedded Devices.

Philips Advisory - This advisory describes three vulnerabilities in the Philips MRI 1.5T and 3T.

Advantech Update - This update provides additional information for an advisory that was originally published on June 22nd, 2021.

For more details on the advisories, including links to researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/7-advisories-and-1-update-published - subscription required.
