Tuesday, August 16, 2022

Review – 7 Advisories and 1 Update Published – 8-16-22

Today, CISA’s NCCIC-ICS published seven control system security advisories for products from Sequi, Emerson, B&R, Delta Industrial, Softing, LS Industrial Systems, and Yokogawa. They also updated an advisory for products from Siemens.

Sequi Advisory - This advisory describes two vulnerabilities in the Sequi PortBloque S serial Modbus firewall.

Emerson Advisory - This advisory describes six vulnerabilities in the Emerson Proficy Machine Edition.

B&R Advisory - This advisory describes an improper input validation vulnerability in the B&R Automation Studio PLC programming software.

NOTE: While this vulnerability was discussed in the Evil PLC Attack paper, it was originally reported by B&R on January 20th, 2022, which I reported earlier. B&R updated their advisory this week, adding a reference to the Evil PLC Attack paper.

Delta Advisory - This advisory describes an improper restriction of XML external entity reference vulnerability in the Delta DRAS controller software suite.

Softing Advisory - This advisory describes nine vulnerabilities in the Softing Secure Integration Server.

LS Industrial Advisory - This advisory describes an inadequate encryption strength vulnerability in the LS Industrial LS ELEC PLC and XG5000.

Yokogawa Advisory - This advisory describes a resource management errors vulnerability in the Yokogawa CENTUM VP/CS 3000 Controller FCS products.

NOTE: I briefly reported this vulnerability on July 30th, 2022.

Siemens Update - This update provides additional information on an advisory that was originally published on May 12th, 2022 and most recently updated on July 12th, 2022.

NOTE: I briefly reported this update on Sunday.


For more details about these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/7-advisories-and-1-update-published-589 - subscription required.
