Today, CISA’s NCCIC-ICS published control system security advisories for products from Hitachi Energy, Measuresoft (2), mySCADA, Delta Industrial Automation, and ARC. They also updated an advisory for products from Illumina.
Hitachi Energy Advisory - This advisory describes a stack-based buffer overflow vulnerability in the Hitachi Energy RTU500 series CMU Firmware.
NOTE: I briefly discussed this vulnerability on July 2nd, 2022.
Measuresoft Advisory #1 - This advisory describes five vulnerabilities in the Measuresoft ScadaPro Server and Client.
Measuresoft Advisory #2 - This advisory describes an out-of-bounds write vulnerability in the Measuresoft ScadaPro Server. The
MySCADA Advisory - This advisory describes a command injection vulnerability in the mySCADA myPRO HMI/SCADA system.
Delta Advisory - This advisory describes a use of hard-coded credentials vulnerability in the Delta DIALink server.
ARC Advisory - This advisory describes a cleartext storage of sensitive information vulnerability in the ARC PcVue OAuth web service.
NOTE: I briefly described this vulnerability on August 13th, 2022.
Illumina Update - This update provides additional information on an advisory that was originally published on June 2nd, 2022 (not 6-22-22 as reported in the update).
For more details about these advisories and the update, including links to researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-and-1-update-published - subscription required.