Tuesday, April 12, 2022

Review – 5 Advisories Published – 4-12-22

Today, CISA’s NCCIC-ICS published five control system security advisories for products from Aethon, Mitsubishi Electric (2), Inductive Automation, and Valmet.

Aethon Advisory - This advisory describes five vulnerabilities in the Aethon TUG Home Base Server (a server used to control and communicate with autonomous mobile robots).

Mitsubishi Advisory #1 - This advisory discusses the FragAttacks WiFi vulnerabilities in the Mitsubishi Wireless LAN communication unit GT25-WLAN in GOT2000 Series GT25 or GT27.

Mitsubishi Advisory #2 - This advisory discusses a heap-based buffer overflow vulnerability in the MELSEC-Q Series C Controller Module.

NOTE: I briefly discussed this vulnerability on Sunday.

Inductive Automation Advisory - This advisory describes a path traversal vulnerability in the Inductive Automation Ignition software.

Valmet Advisory - This advisory describes an inadequate encryption strength vulnerability in the Valmet DNA distributed control system.

 

For more details on these advisories, including links to researcher reports and notes about other items of potential interest to the OT cybersecurity community, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/5-advisories-published-4-12-22 - subscription required.
