Thursday, July 21, 2022

Review – 5 Advisories and 1 Update Published – 7-21-22

Today, CISA’s NCCIC-ICS published five control system security advisories for products from AutomationDirect, Mitsubishi Electric, Rockwell Automation, Johnson Controls, and ABB. They also published an update for products from Rockwell.

AutomationDirect Advisory - This advisory describes a cleartext transmission of sensitive information vulnerability in the AutomationDirect Stride Field I/O product.

Mitsubishi Advisory - This advisory describes seven vulnerabilities in the ICONICS Product Suite, and Mitsubishi MC Works64.

Rockwell Advisory - This advisory describes three vulnerabilities in the Rockwell ISaGRAF Workbench.

Johnson Controls - This advisory describes a missing authentication for critical function vulnerability in the Johnson Controls Metasys ADS, ADX, OAS with MUI server.

ABB Advisory - This advisory describes five different improper privilege management vulnerabilities in the ABB Drive Composer, Automation Builder, Mint Workbench products.

Rockwell Update - This update provides additional details on an advisory that was originally published on March 29th, 2022.

NOTE: Rockwell has not updated their advisory, and the new information is not reflected in the original Rockwell advisory.


For more details on these advisories and update, see my article at CFSN Detailed Analysis - - subscription required.

No comments:

/* Use this with templates/template-twocol.html */