Today, CISA’s NCCIC-ICS published seven control system security advisories for products from Sequi, Emerson, B&R, Delta Industrial, Softing, LS Industrial Systems, and Yokogawa. They also updated an advisory for products from Siemens.
Sequi Advisory - This advisory describes two vulnerabilities in the Sequi PortBloque S serial Modbus firewall.
Emerson Advisory - This advisory describes six vulnerabilities in the Emerson Proficy Machine Edition.
B&R Advisory - This advisory describes an improper input validation vulnerability in the B&R Automation Studio PLC programming software.
NOTE: While this vulnerability was discussed in the Evil PLC Attack paper, it was originally reported by B&R on January 20th, 2022, which I reported earlier. B&R updated their advisory this week, adding a reference to the Evil PLC Attack paper.
Delta Advisory - This advisory describes an improper restriction of XML external entity reference vulnerability in the Delta DRAS controller software suite.
Softing Advisory - This advisory describes nine vulnerabilities in the Softing Secure Integration Server.
LS Industrial Advisory - This advisory describes an inadequate encryption strength vulnerability in the LS Industrial LS ELEC PLC and XG5000.
Yokogawa Advisory - This advisory describes a resource management errors vulnerability in the Yokogawa CENTUM VP/CS 3000 Controller FCS products.
NOTE: I briefly reported this vulnerability on July 30th, 2022.
Siemens Update - This update provides additional information on an advisory that was originally published on May 12th, 2022 and most recently updated on July 12th, 2022.
NOTE: I briefly reported this update on Sunday.
For more details about these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/7-advisories-and-1-update-published-589 - subscription required.