Today, CISA’s NCCIC-ICS published two control system security advisories for products from Johnson Controls and Rockwell Automation and one medical device security advisory for products from LifePoint Informatics. They also updated another medical device advisory for products from Philips.
Johnson Controls Advisory - This advisory describes a server-side request forgery in the Johnson Controls Metasys building automation system.
NOTE: I briefly reported on these vulnerabilities on March 19th, 2022.
Rockwell Advisory - This advisory describes a deserialization of untrusted data vulnerability in the Rockwell Connected Components Workbench, ISaGRAF Workbench, and Safety Instrumented System Workstation products.
LifePoint Advisory - This advisory describes an authentication bypass using an alternate path or channel vulnerability in the LifePoint Patient Portal.
Philips Update - This update provides additional information on an advisory that was originally published on July 6th, 2021 and most recently updated on January 11th, 2022.
For more details on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/3-advisories-and-1-update-published-dd2 - subscription required.