Tuesday, March 29, 2022

Review – 5 Advisories and 1 Update Published – 3-29-22

Today, CISA’s NCCIC-ICS published four control system security advisories for products from Modbus, Hitachi Energy, Omron and Rockwell Automation. They also published a medical device security advisory for products from Philips. Finally, they updated an advisory for products from Delta Electronics.

Modbus Advisory - This advisory describes a stack-based buffer overflow vulnerability in the Modbus Tools Modbus Slave.

Hitachi Energy - This advisory describes four vulnerabilities in the Hitachi Energy LinkOne WebView enterprise graphical parts catalog.

NOTE: I briefly reported on these vulnerabilities in December 2021.

Omron Advisory - This advisory describes four vulnerabilities in the Omron CX-Position position control software.

Rockwell Advisory - This advisory describes an improper restriction of XML external entity reference vulnerability in the Rockwell ISaGRAF workbench products.

Philips Advisory - This advisory describes a missing authentication for critical function vulnerability in the Philips e-Alert MRI system monitoring platform.

Delta Update - This update provides additional information on an advisory that was originally published on March 22nd, 2022.

 

For more details on these advisories, including links to researcher advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/5-advisories-and-1-update-published-559 - subscription required.
