Tuesday, September 6, 2022

Review – 4 Advisories and 1 Update Published – 9-6-22

Today, CISA’s NCCIC-ICS published four control system security advisories for products from Hitachi Energy, Cognex, AVEVA, and Triangle Microworks. They also updated an advisory for products from Delta Electronics.


Hitachi Advisory - This advisory describes three vulnerabilities in the Hitachi Energy TXpert Hub CoreTec 4 digital transformer monitoring and diagnostics device.

NOTE: I briefly discussed the vulnerabilities on May 14th, 2022.

Cognex Advisory - This advisory describes three vulnerabilities in the Cognex 3D-A1000 Dimensioning System, an industrial smart camera.

AVEVA Advisory - This advisory describes six vulnerabilities in the AVEVA Edge (formerly InduSoft Web Studio).

NOTE: I briefly discussed these vulnerabilities on August 20th, 2022.

Triangle Microworks Advisory - This advisory describes an access of uninitialized pointer vulnerabilities in the Triangle Microworks TMW IEC 61850 and TMW IEC 60870-6 (ICCP/TASE.2) Software Libraries.

Delta Update - This update provides additional information on an advisory that was originally published on September 9th, 2021.


For more details about these advisories, including links to researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-and-1-update-published-ee3 - subscription required.

No comments:

/* Use this with templates/template-twocol.html */