Tuesday, January 11, 2022

Review – 1 Advisory Published – 1-11-22

Today, CISA’s NCCIC-ICS published a control system security advisory for products from Johnson Controls.

Johnson Controls Advisory - This advisory describes an improper handling of syntactically invalid structure vulnerability in the Johnson Controls (American Dynamics) VideoEdge network video recorder.

NOTE: I briefly described this vulnerability on December 25th, 2021. Johnson Controls updated their advisory to add the NCCIC-ICS advisory number and link.

Log4Shell Update - While on the Johnson Controls advisory page looking at the original notice for today’s NCCIC-ICS advisory, I noticed that they had updated their Log4Shell advisory for the 15th time yesterday.

2nd Tuesday Advisories - For the third month in a row, NCCIC-ICS has not addressed any of the 2nd Tuesday advisories that were published by Siemens and Schneider today.

For more details about these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/1-advisory-published-1-11-22 - subscription required.

No comments:

/* Use this with templates/template-twocol.html */