Today, CISA’s NCCIC-ICS published two control system security advisories for products from AVEVA and PTC. They also published an update for an advisory from Johnson Controls.
AVEVA Advisory - This advisory
describes a cleartext storage of sensitive information vulnerability in the AVEVA
System Platform.
NOTE: I briefly
discussed this vulnerability on February 19th, 2022.
PTC Advisory - This advisory
describes seven vulnerabilities in the PTC Axeda agent and Axeda Desktop Server.
NOTE: MDX/Forescout provides a list of 150 medical devices
that may be affected by Access:7. We should be seeing a lot more vendors
reporting on this vulnerability.
Johnson Controls Update - This update
provides additional information on an advisory that was originally
published on February 3rd, 2022.
For more details about these vulnerabilities, including
links to researcher reports, see may article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/2-advisories-and-1-update-published-ecd
- subscription required.
Posts
No comments:
Post a Comment