Today, CISA’s NCCIC-ICS published one control system security advisory for products from Fuji Electric, and two medical device security advisories for products from BD. They also updated four control system security advisories for products from Mitsubishi.
Fuji Advisory - This advisory describes a stack-based buffer overflow vulnerability in the Fuji Alpha7 PC Loader servo drive system.
NOTE: See the report by Heinzl about the timeline of the disclosure. The fix has been a long time coming…
BD Advisory #1 - This advisory describes an insufficient session expiration vulnerability in the BD Synapsys microbiology informatics software platform.
BD Advisory #2 - This advisory describes a ‘not using password aging’ vulnerability in BD Pyxis automated medication dispensing systems.
NOTE: This CVE (CVE-2022-22766) was previously reported in BD Pyxis products by NCCIC-ICS (ICSMA-22-062-01) as a ‘use of hard-coded credentials vulnerability’, which coincides with the description in today’s advisory if not the name of the vulnerability in Section 3.2.1.
Mitsubishi Update #1 - This update provides additional information on an advisory that was originally published on May 19th, 2022.
Mitsubishi Update #2 - This update provides additional information on an advisory that was originally published on March 31st, 2022.
Mitsubishi Update #3 - This update provides additional information on an advisory that was originally published on September 1st, 2020 and most recently updated on September 9th, 2021.
Mitsubishi Update #4 - This update provides additional information on an advisory that was originally published on July 30th, 2020 and most recently updated on January 5th, 2021.
For more details on these advisories and updates, including discussions about BD advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/3-advisories-and-4-updates-published - subscription.