Today, CISA’s NCCIC-ICS published a control system security advisory for products from Johnson Controls.
Johnson Controls Advisory - This advisory
describes an improper handling of syntactically invalid structure vulnerability
in the Johnson Controls (American Dynamics) VideoEdge network video recorder.
NOTE: I briefly described this vulnerability on December 25th,
2021. Johnson Controls updated their
advisory to add the NCCIC-ICS advisory number and link.
Log4Shell Update - While on the Johnson Controls advisory
page looking at the original notice for today’s NCCIC-ICS advisory, I
noticed that they had updated their Log4Shell
advisory for the 15th time yesterday.
2nd Tuesday Advisories - For the third month in a row, NCCIC-ICS has not addressed any of the 2nd Tuesday advisories that were published by Siemens and Schneider today.
For more details about these advisories, see my article at
CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/1-advisory-published-1-11-22
- subscription required.
Posts
No comments:
Post a Comment