Thursday, February 3, 2022

Review - 2 Advisories and 1 Update Published – 2-3-22

 Today, CISA’s NCCIC-ICS published two control system security advisories for products from Airspan Networks and Johnson Controls. They also updated an advisory for products from FANUC.

Airspan Advisory - This advisory describes seven vulnerabilities in the Airspan Mimosa products.

Johnson Controls Advisory - This advisory describes an improper input validation vulnerability in the Johnson Controls (Sensormatic subsidiary) DSC PowerManage operating platform.

NOTE: This NCCIC-ICS advisory does not mention the Log4Shell vulnerability by name (it does list the CVE), even though Johnson Controls advisory does. The Johnson Controls Log4Shell advisory does not list the PowerManage product even though it does list other Sensormatic PowerSeries products.

FANUC Update - This update provides additional information on an advisory that was originally published on December 7th, 2021.


For more details on these advisories, see my article at CFSN Detailed Analysis - - subscription required.

No comments:

/* Use this with templates/template-twocol.html */