Thursday, January 6, 2022

Review - 4 Advisories Published – 1-6-22

Today, CISA’s NCCIC-ICS published three control system security advisories for products from IDEC, Fernhill and Omron. They also published a medical device security advisory for products from Philips.

IDEC Advisory - This advisory describes four vulnerabilities in the IDEC PLCs.

NOTE 1: I briefly reported on these vulnerabilities on December 25th, 2021.

Fernhill Advisory - This advisory describes an uncontrolled resource consumption vulnerability in the Fernhill SCADA Server.

Omron Advisory - This advisory describes a stack-based buffer overflow vulnerability in the Omron CX-One automation software.

Philips Advisory - This advisory describes an improper access control vulnerability in the Philips Engage customer support software platform.

For more details about these advisories, see my article at CFSN Detailed Analysis (subscription required).
