Thursday, February 24, 2022

Review – 4 Advisories Published – 2-24-22

Today, CISA’s NCCIC-ICS published four control system security advisories for products from Baker Hughes, Schneider Electric, Mitsubishi Electric and FATEK Automation.

Baker Hughes Advisory - This advisory describes a use of password hash with insufficient computational effort vulnerability in the Baker Hughes Bently Nevada 3500 machinery protection system.

NOTE: This advisory was originally published to the HSIN ICS library on August 19th, 2021. This allows CISA to share the information with critical infrastructure organizations prior to making the vulnerability public. To request access to the HSIN ICS library email HSIN.HelpDesk@hq.dhs.gov.

Schneider Advisory - This advisory describes three vulnerabilities in the Schneider Easergy P5 and P3 medium voltage protection relays.

NOTE: I briefly discussed the two Schneider advisories for these vulnerabilities on January 16th, 2022.

Mitsubishi Advisory - This advisory describes nine vulnerabilities in the Mitsubishi EcoWebServerIII.

NOTE: I briefly discussed these vulnerabilities last Saturday.

FATEK Advisory - This advisory describes three vulnerabilities in the FATEK FvDesigner software tool.

For more information on these advisories, including links to third-party vendors, researchers and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-published-2-24-22 - subscription required.
