Tuesday, June 14, 2022

Review – 3 Advisories Published – 6-14-22

Today, CISA’s NCCIC-ICS published three control system security advisories for products from Mitsubishi Electric, Meridian Cooperative, and Johnson Controls.

Mitsubishi Advisory - This advisory describes improper input validation vulnerability in the Mitsubishi MELSEC-Q/L Series and iQ-R Series interface modules.

Meridian Advisory - This advisory describes an improper access control vulnerability in the Meridian utility software. The vulnerability was reported by Brandon Roach.

Johnson Controls - This advisory describes three vulnerabilities in the Johnson Controls Metasys ADS/ADX/OAS Servers.


For more details on these advisories as well as a Down the Rabbit Hole look at ADS/ADX/OAS Servers vulnerabilities, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/3-advisories-published-6-14-22 - subscription required.

No comments:

/* Use this with templates/template-twocol.html */