Thursday, July 21, 2022

Review – 5 Advisories and 1 Update Published – 7-21-22

Today, CISA’s NCCIC-ICS published five control system security advisories for products from AutomationDirect, Mitsubishi Electric, Rockwell Automation, Johnson Controls, and ABB. They also published an update for products from Rockwell.

AutomationDirect Advisory - This advisory describes a cleartext transmission of sensitive information vulnerability in the AutomationDirect Stride Field I/O product.

Mitsubishi Advisory - This advisory describes seven vulnerabilities in the ICONICS Product Suite and Mitsubishi MC Works64.

Rockwell Advisory - This advisory describes three vulnerabilities in the Rockwell ISaGRAF Workbench.

Johnson Controls Advisory - This advisory describes a missing authentication for critical function vulnerability in the Johnson Controls Metasys ADS, ADX, OAS with MUI server.

ABB Advisory - This advisory describes five different improper privilege management vulnerabilities in the ABB Drive Composer, Automation Builder, and Mint Workbench products.

Rockwell Update - This update provides additional details on an advisory that was originally published on March 29th, 2022.

NOTE: Rockwell has not updated their advisory, and the new information is not reflected in the original Rockwell advisory.

 

For more details on these advisories and the update, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/5-advisories-and-1-update-published-0f2 - subscription required.
