Today CISA’s NCCIC-ICS published a control system security advisory for products from Digi International. They also updated an advisory for products from Inductive Automation.
Digi Advisory - This advisory
describes an execution with unnecessary privileges vulnerability in the Digi ConnectPort
X2D Gateway.
Inductive Automation Update - This update
provides additional information on an advisory that was originally
published on July 26th, 2022.
NOTE: The Inductive Automation blog
provides an interesting discussion about how the vulnerability can be exploited.
For more details on the advisory and update, as well as a
down-the-rabbit-hole look at changes in affected version numbers, see my
article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/1-advisory-and-1-update-published-62d -
subscription required.
Posts
No comments:
Post a Comment