Tuesday, April 19, 2022

Review – 5 Advisories and 1 Update Published – 4-19-22

Today, CISA’s NCCIC-ICS published five control system security advisories for products from Elcomplus (2), FANUC, and Carrier (2). They also updated their advisory for multiple RTOS products.

Elcomplus Advisory #1 - This advisory describes five vulnerabilities in the Elcomplus SmartPTT SCADA Server integrated voice and data dispatch software.

Elcomplus Advisory #2 - This advisory describes four vulnerabilities in the Elcomplus SmartPTT SCADA integrated voice and data dispatch software.

FANUC Advisory - This advisory describes five vulnerabilities in the FANUC ROBOGUIDE simulation platform software suite for FANUC Robots.

NOTE: On April 9th, 2022, I briefly reported (subscription required) on a FANUC advisory that reported two of the above CVEs (CVE-2021-38483 and CVE-2021-43986).

Carrier Advisory - This advisory describes an open redirect vulnerability in the Automated Logic (subsidiary of Carrier) WebCtrl Server building automation software products.

Carrier Advisory #2 - This advisory describes two vulnerabilities in the Interlogix (subsidiary of Carrier) Hills ComNav remote access integration modules for the Hills Reliance security alarm system.

NOTE: The Carrier advisory lists two additional vulnerabilities.

Multiple RTOS Update - This update provides additional information on an advisory that was originally published on April 29th, 2021 and most recently updated on November 30th, 2021.

NOTE: I briefly reported on these three advisories on December 18th, 2021.

 

For more details about these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/5-advisories-and-1-update-published-995 - subscription required.
