Tuesday, July 26, 2022

Review – 4 Advisories and 1 Update Published – 7-26-22

Today, CISA’s NCCIC-ICS published four control system security advisories for products from Moxa, Inductive Automation, and Honeywell (2). They also updated an advisory for products from Mitsubishi.

Moxa Advisory - This advisory describes two out-of-bounds write vulnerabilities in the MOXA NPort 5110 device server.

NOTE: I briefly discussed these vulnerabilities on June 11th, 2022.

Inductive Automation Advisory - This advisory describes an improper restriction of XML external entity reference vulnerability in the Inductive Automation Ignition software.

Saia Burgess Advisory - This advisory discusses the OT:ICEFALL vulnerabilities in the Honeywell Saia Burgess PG5 PCD PLC.

Safety Manager Advisory - This advisory discusses the OT:ICEFALL vulnerabilities in the Honeywell Experion PKS Safety Manager.

Mitsubishi Update - This update provides additional information on an advisory that was originally published on November 30th, 2021 and most recently updated on June 7th, 2022.

Commentary

The OT:ICEFALL report lists vulnerabilities in three additional Honeywell products:

• TREND controls products - CVE-2022-30312,

• Experion LS - CVE-2022-30317, and

• Control Edge - CVE-2022-30318

For more details on these advisories and update, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-and-1-update-published-737 - subscription required.
