Today, CISA’s NCCIC-ICS published three control system security advisories for products from Hitachi Energy and FANUC. The FANUC advisory was originally published to the restricted access Homeland Security Information Network (HSIN) ICS library on August 31, 2021.
XMC20 Advisory - This advisory
describes two vulnerabilities in the Hitachi Energy XMC20 and FOX61x
multi-service network elements.
NOTE: I briefly
discussed the two Hitachi Energy advisories that form the basis for this
advisory on November 27th, 2021.
RTU500 Advisory - This advisory discussing
two vulnerabilities in the Hitachi RTU500 Series remote terminal unit.
NOTE: This advisory is based upon an update to the Hitachi
advisory that was originally published on November 17th, 2021 and I briefly
discussed on November 20th, 2021.
FANUC Advisory - This advisory
describes two vulnerabilities in the FANUC R-30iA and R-30iB series robot
controllers.
NOTE: The HSIN ICS Library allows the release of vulnerability information to be restricted to selected facilities so that mitigation measures can be put into place before the vulnerabilities are publicly released. In this instance the generic mitigation measures provided by FANUC and NCCIC-ICS hardly seem to justify the delayed release.
NOTE: For more details about these advisories, including
links to 3rd party advisories, see my article at CSFN Detailed
Analysis - https://patrickcoyle.substack.com/p/3-advisories-published-12-7-21
- subscription required.
Posts
No comments:
Post a Comment