Thursday, April 28, 2022

Review – 1 Advisory and 1 Update Published – 4-28-22

Today, CISA’s NCCIC-ICS published a control system security advisory for products from Johnson Controls and updated an advisory for products from Delta Electronics.

Johnson Controls Advisory - This advisory describes an improper privilege management vulnerability in the Johnson Controls Metasys ADS/ADX/OAS Servers.

Delta Update - This update provides additional information on an advisory that was originally published on March 22nd, 2022 and most recently updated on March 29th, 2022.

NOTE: The 14 added vulnerabilities and two of the three removed vulnerabilities are all SQL injection vulnerabilities. The odd-one-out is an uncontrolled search path element vulnerability.

 

For more details about these advisories, including details about the added and removed vulnerabilities, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/1-advisory-and-1-update-published-594 - subscription required.

 
