Today, CISA’s NCCIC-ICS published two control system security advisories for products from Matrikon and Rockwell Automation. They also updated two advisories for products from Mitsubishi.
NOTE: Mitsubishi published two additional advisory updates today. Unless NCCIC-ICS covers those Thursday, I will report on them this weekend.
Matrikon Advisory - This advisory describes an improper access control vulnerability in the Matrikon OPC Server.
NOTE: This vulnerability does not appear to be related to the Pwn2Own Miami 2022 competition that resulted in findings of multiple vulnerabilities in the OPC UA Server category, but it seems odd that so many different OPC UA Server vulnerabilities are being reported in so close a time proximity.
Rockwell Advisory - This advisory describes an uncontrolled resource consumption vulnerability in the Rockwell Logix Controllers.
Mitsubishi Update #1 - This update provides additional information on an advisory that was originally published on July 30th, 2020 and most recently updated on February 8th, 2022.
Mitsubishi Update #2 - This update provides additional information on an advisory that was originally published on February 18th, 2021 and most recently updated on February 8th, 2022.
For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/2-advisories-2-updates-published - subscription required.