Today, CISA’s NCCIC-ICS published two control system security advisories for products from Airspan Networks and Johnson Controls. They also updated an advisory for products from FANUC.
Airspan Advisory - This advisory
describes seven vulnerabilities in the Airspan Mimosa products.
Johnson Controls Advisory - This advisory
describes an improper input validation vulnerability in the Johnson Controls (Sensormatic
subsidiary) DSC PowerManage operating platform.
NOTE: This NCCIC-ICS advisory does not mention the Log4Shell
vulnerability by name (it does list the CVE), even though Johnson Controls advisory
does. The Johnson Controls Log4Shell
advisory does not list the PowerManage product even though it does list other
Sensormatic PowerSeries products.
FANUC Update - This update
provides additional information on an advisory that was originally
published on December 7th, 2021.
For more details on these advisories, see my article at CFSN
Detailed Analysis - https://patrickcoyle.substack.com/p/2-advisories-and-1-update-published-062
- subscription required.
Posts
No comments:
Post a Comment