Today, CISA’s NCCIC-ICS published two control system security advisories for products from Johnson Controls and Moxa.
Johnson Controls Advisory - This advisory discusses the original Log4Shell vulnerability in the Johnson Controls Exacq Technologies Enterprise Manager.
NOTE: It is interesting that nowhere does the NCCIC-ICS advisory mention the Apache vulnerabilities except by the CVE #. This would have been a good place to publish a reference to yesterday’s CISA, et al., advisory on “Mitigating Log4Shell and Other Log4j-Related Vulnerabilities”, especially since this is the first NCCIC-ICS advisory on Log4Shell.
Moxa Advisory - This advisory describes a clear-text transmission of sensitive information vulnerability in the Moxa MGate MB3180/MB3280/MB3480 Series Protocol Gateways.
NOTE: It looks like NCCIC-ICS is reporting the wrong CVE number for this advisory.
For more details about these advisories, see my article at CFSN Detailed Analysis (subscription required).