Tuesday, September 13, 2022

Review – 4 Advisories Published – 9-13-22

Today, CISA’s NCCIC-ICS published four control system security advisories for products from Hitachi Energy, Honeywell, Kingspan, and Delta Industrial Automation.

Hitachi Energy Advisory - This advisory discusses an off-by-one error vulnerability with known exploits in the Hitachi Energy TXpert Hub CoreTec 4 digital transformer monitoring and diagnostics device.

NOTE: I briefly discussed this vulnerability on May 14th, 2022.

Honeywell Advisory - This advisory describes two vulnerabilities in the Honeywell SoftMaster desktop PLC application.

Kingspan Advisory - This advisory describes an improper authentication vulnerability in the Kingspan TMS300 CS water tank management system.

Delta Advisory - This advisory describes a use of hard-coded credentials vulnerability in the Delta DIAEnergie industrial energy management system.


For more details on these advisories, including links to third-party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-published-9-13-22 - subscription required.

No comments:

/* Use this with templates/template-twocol.html */