Thursday, September 15, 2022

Missed CISA Update for 9-13-22

Earlier this week I reported on four new CISA NCCIC-ICS control system security advisories published on Tuesday. Unfortunately, I relied on the CISA listing of new advisories/updates listed on the ICS-CERT Advisories page, which still just shows those advisories upon which I reported.


This morning, while checking my TWITTER® feed, I clicked on the link in an @ICS-CERT tweet about Tuesday’s advisories to a report on the National Cyber Awareness System about “CISA Releases Five Industrial Control Systems Advisories”. That page lists the four previously mentioned advisories plus an update for ICSA-20-324-02 Paradox IP150 (Update A). So here is my reporting on that update, sorry about the delay.

Paradox Update

This update provides additional information on an advisory that was originally published on November 17th, 2020 (not 2021 as reported in the latest update). The new information includes reporting that all firmware versions of the IP150 internet module are affected by the vulnerabilities. Interestingly, CISA did not remove the original listing of ‘firmware Version 5.02.09’ from the listing of ‘Affected Products’.

No comments:

/* Use this with templates/template-twocol.html */