Today, CISA’s NCCIC-ICS published four control system security advisories for products from Distributed Data Systems, Emerson, Yokogawa, Exemys. They also updated advisories from CODESYS and Mitsubishi Electric.
Distributed Data Systems Advisory - This advisory
describes two vulnerabilities in the Distributed Data Systems WebHMI.
Emerson Advisory - This advisory discusses
the OT:ICEFALL vulnerabilities
in the Emerson DeltaV Distributed Control System.
NOTE: There are still 15 Emerson OT:ICEFALL vulnerabilities
that have not been covered by NCCIC-ICS in Emerson products including: Ovation,
OpenBSI, ControlWave, and FANUC.
Yokogawa Advisory - This advisory
describes a use of insufficiently random values vulnerability in the Yokogawa Wide
Area Communication (WAC) Router.
Exemys Advisory - This advisory
describes an improper authentication vulnerability in the Exemys RME1 analog
acquisition module.
CODESYS Update - This update
provides additional information on an advisory that was originally
published on September 15th, 2015.
Mitsubishi Update - This update
provides additional information on an advisory that was originally published on
December 16th, 2021.
For more information on these advisories, see my article at
CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-and-2-updates-published
- subscription required.
Posts
No comments:
Post a Comment