Today, CISA’s NCCIC-ICS published four control system security advisories for product from Baker Hughes, Schneider Electric, Mitsubishi Electric and FATEK Automation.
Baker Hughes Advisory - This advisory
describes a use of password hash with insufficient computational effort
vulnerability in the Baker Hughes Bently Nevada 3500 machinery protection
system.
NOTE: This advisory was originally published to the HSIN ICS
library on August 19th, 2021. This allows CISA to share the
information with critical infrastructure organizations prior to making the
vulnerability public. To request access to the HSIN ICS library email HSIN.HelpDesk@hq.dhs.gov.
Schneider Advisory - This advisory
describes three vulnerabilities on the Schneider Easergy P5 and P3 medium
voltage protection relays.
NOTE: I briefly
discussed the two Schneider advisories for these vulnerabilities on January
16th, 2022.
Mitsubishi Advisor - This advisory
describes nine vulnerabilities in the Mitsubishi EcoWebServerIII.
NOTE: I briefly
discussed these vulnerabilities last Saturday.
FATEK Advisory - This advisory
describes three vulnerabilities in the FATECK FvDesigner software tool.
For more information on these advisories, including links to
third-party vendors, researchers and exploits, see my article at CFSN Detailed
Analysis - https://patrickcoyle.substack.com/p/4-advisories-published-2-24-22
- subscription required.
Posts
No comments:
Post a Comment