Tuesday, May 31, 2022

Review – 3 Advisories and 4 Updates Published – 5-31-22

Today, CISA’s NCCIC-ICS published one control system security advisory for products from Fuji Electric, and two medical device security advisories for products from BD. They also updated four control system security advisories for products from Mitsubishi.

Fuji Advisory - This advisory describes a stack-based buffer overflow vulnerability in the Fuji Alpha7 PC Loader servo drive system.

NOTE: See the report by Heinzl about the timeline of the disclosure. The fix has been a long time coming.

BD Advisory #1 - This advisory describes an insufficient session expiration vulnerability in the BD Synapsys microbiology informatics software platform.

BD Advisory #2 - This advisory describes a ‘not using password aging’ vulnerability in BD Pyxis automated medication dispensing systems.

NOTE: This CVE (CVE-2022-22766) was previously reported in BD Pyxis products by NCCIC-ICS (ICSMA-22-062-01) as a ‘use of hard-coded credentials vulnerability’, which coincides with the description in today’s advisory, if not with the name of the vulnerability in Section 3.2.1.

Mitsubishi Update #1 - This update provides additional information on an advisory that was originally published on May 19th, 2022.

Mitsubishi Update #2 - This update provides additional information on an advisory that was originally published on March 31st, 2022.

Mitsubishi Update #3 - This update provides additional information on an advisory that was originally published on September 1st, 2020 and most recently updated on September 9th, 2021.

Mitsubishi Update #4 - This update provides additional information on an advisory that was originally published on July 30th, 2020 and most recently updated on January 5th, 2021.

 

For more details on these advisories and updates, including discussions about the BD advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/3-advisories-and-4-updates-published (subscription required).
