Today CISA’s NCCIC-ICS published a control systems security advisory for products from Hitachi Energy and updated an advisory for products from Mitsubishi Electric. Additionally, CISA revised the landing page for their Industrial Control System web site, including moving their announcements of new advisories to a similarly revised ICS Advisories web page.
Advisories
Hitachi Energy Advisory - This advisory describes seven vulnerabilities in the Hitachi Energy System Data Manager – SDM600.
NOTE: I briefly reported these vulnerabilities on December 25, 2021.
Mitsubishi Update - This update provides additional information on an advisory that was originally published on November 30th, 2021 and most recently updated on January 27th, 2022.
New Web Site
The new landing page is a complete rewrite, along with a new URL (https://www.cisa.gov/ics; the old URL redirects). It starts off with the new header: “CISA’S ROLE IN INDUSTRIAL CONTROL SYSTEMS”. Then it goes on to list four ‘core priorities’ and three goals. Finally, it provides links to four other areas of interest to the ICS community:
Industrial Control Systems Joint Working Group (ICSJWG), and
What is specifically missing here is a working definition of what CISA is going to consider to be ‘Industrial Control Systems’ going forward. Advisories that have been published under this heading have included such non-industrial systems as medical devices, vehicles, IP cameras, building control systems, fire safety systems and security systems.
For more details on the advisories, including links to third-party advisories, and a discussion about the potential changes in vulnerability reporting, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/1-advisory-and-1-update-published-012 - subscription required.