Today CISA’s NCCIC-ICS published an update for an advisory for products from Treck. CISA (separately from NCCIC-ICS) published an advisory for products from OpenSSL that is very likely to show up as a third-party advisory for products from various vendors.
Treck Update - This update provides additional information on an advisory that was originally published on June 16th, 2020 and most recently updated on August 20th, 2020.
NOTE #1: I discussed the ‘new’ PEPPERL+FUCHS advisory on August 21st, 2021.
OpenSSL Advisory - CISA briefly reports the OpenSSL advisory which describes an infinite loop vulnerability in the BN_mod_sqrt() function when parsing certificates.
NOTE: With so many industrial control systems using OpenSSL for a variety of security functions, I expect that we will be seeing this vulnerability being reported by multiple vendors as a third-party vulnerability.
For more details on these two advisories, including discussion about Ripple20 exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/1-update-and-1-3rd-party-advisory - subscription required.