Thursday, August 4, 2022

Review – 1 Advisory and 1 Update Published – 8-4-22

Today CISA’s NCCIC-ICS published a control system security advisory for products from Digi International. They also updated an advisory for products from Inductive Automation.

 

Digi Advisory - This advisory describes an execution with unnecessary privileges vulnerability in the Digi ConnectPort X2D Gateway.

Inductive Automation Update - This update provides additional information on an advisory that was originally published on July 26th, 2022.

NOTE: The Inductive Automation blog provides an interesting discussion about how the vulnerability can be exploited.

 

For more details on the advisory and update, as well as a down-the-rabbit-hole look at changes in affected version numbers, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/1-advisory-and-1-update-published-62d   - subscription required.

No comments:

 
/* Use this with templates/template-twocol.html */