Tuesday, March 22, 2022

Review – 1 Advisory and 1 Update Published – 3-22-22

Today, CISA’s NCCIC-ICS published both a control system security advisory and an update for a previously published advisory for products from Delta Electronics.

Delta Advisory - This advisory describes 17 vulnerabilities in the Delta DIAEnergie.

NOTE: Heinzl’s advisories (see here for example) provide a description of an extremely long coordination exercise with NCCIC-ICS to get Delta to complete work on the fix for these vulnerabilities.

Delta Update - This update provides additional information on an advisory that was originally published on August 26th, 2021 and most recently updated on December 16th, 2021.

For more details on these advisories, including links to researcher reports and reports on 12 additional SQL injection vulnerabilities in the products covered by today’s new advisory, see my article at CFSN Detailed Analysis - - subscription required.

No comments:

/* Use this with templates/template-twocol.html */