Tuesday, December 7, 2021

Review - 3 Advisories Published – 12-7-21

Today, CISA’s NCCIC-ICS published three control system security advisories for products from Hitachi Energy and FANUC. The FANUC advisory was originally published to the restricted access Homeland Security Information Network (HSIN) ICS library on August 31, 2021.

XMC20 Advisory - This advisory describes two vulnerabilities in the Hitachi Energy XMC20 and FOX61x multi-service network elements.

NOTE: I briefly discussed the two Hitachi Energy advisories that form the basis for this advisory on November 27th, 2021.

RTU500 Advisory - This advisory discussing two vulnerabilities in the Hitachi RTU500 Series remote terminal unit.

NOTE: This advisory is based upon an update to the Hitachi advisory that was originally published on November 17th, 2021 and I briefly discussed on November 20th, 2021.

FANUC Advisory - This advisory describes two vulnerabilities in the FANUC R-30iA and R-30iB series robot controllers.

NOTE: The HSIN ICS Library allows the release of vulnerability information to be restricted to selected facilities so that mitigation measures can be put into place before the vulnerabilities are publicly released. In this instance the generic mitigation measures provided by FANUC and NCCIC-ICS hardly seem to justify the delayed release.

NOTE: For more details about these advisories, including links to 3rd party advisories, see my article at CSFN Detailed Analysis - https://patrickcoyle.substack.com/p/3-advisories-published-12-7-21 - subscription required.

No comments:

/* Use this with templates/template-twocol.html */