Tuesday, August 23, 2022

Review – 6 Advisories and 1 Update Published – 8-23-22

Today, CISA’s NCCIC-ICS published control system security advisories for products from Hitachi Energy, Measuresoft (2), mySCADA, Delta Industrial Automation, and ARC. They also updated an advisory for products from Illumina.

Hitachi Energy Advisory - This advisory describes a stack-based buffer overflow vulnerability in the Hitachi Energy RTU500 series CMU Firmware.

NOTE: I briefly discussed this vulnerability on July 2nd, 2022.

Measuresoft Advisory #1 - This advisory describes five vulnerabilities in the Measuresoft ScadaPro Server and Client.

Measuresoft Advisory #2 - This advisory describes an out-of-bounds write vulnerability in the Measuresoft ScadaPro Server. The

MySCADA Advisory - This advisory describes a command injection vulnerability in the mySCADA myPRO HMI/SCADA system.

Delta Advisory - This advisory describes a use of hard-coded credentials vulnerability in the Delta DIALink server.

ARC Advisory - This advisory describes a cleartext storage of sensitive information vulnerability in the ARC PcVue OAuth web service.

NOTE: I briefly described this vulnerability on August 13th, 2022.

Illumina Update - This update provides additional information on an advisory that was originally published on June 2nd, 2022 (not 6-22-22 as reported in the update).

 

For more details about these advisories and the update, including links to researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-and-1-update-published - subscription required.
