Today, CISA’s NCCIC-ICS published a control system security advisory for products from MZ Automation and a medical device security advisory for products from Baxter. They also updated advisories for products from PTC and Hillrom.
MZ Advisory - This advisory describes
four vulnerabilities in the MZ Automation libIEC61850, a library for IEC 61850
implementation.
NOTE: Since this is a library product, the vulnerabilities
are only exploitable in a product in which the library is used. So, we can
expect to see this show up as third-party vulnerabilities in products from
other vendors.
Baxter Advisory - This advisory discusses
four vulnerabilities (with proof-of-concept code available) in the Sigma and
Baxter Spectrum Infusion Pumps. The Baxter
advisory notes that the vulnerabilities only affect the Spectrum Wireless
Battery Module (WBM) that may be used by the infusion pumps.
PTC Update - This update
provides new information on an advisory that was originally
published on August 30th, 2022.
Hillrom Update - This update
provides new information on an advisory that was originally
published on June 1st, 2021 and most recently updated on
December 14th, 2021.
NOTE: The Hillrom
advisory is nearly a duplicate of the CISA advisory (including the
questionable use of the CISA seal), but it specifically mentions the December
14th, 2021 update where the CISA advisory does not directly. I also
like their use of the ‘Unclassified’ document marking.
For more details about these advisories and updates,
including links to researcher reports, see my article at CFSN Detailed Analysis
(https://patrickcoyle.substack.com/p/2-advisories-and-2-updates-published,
subscription required).