Tuesday, September 20, 2022

Review – 5 Advisories and 3 Updates Published – 9-20-22

Today, CISA’s NCCIC-ICS published four control system security advisories and one medical device security advisory for products from Host Engineering, Dataprobe, Hitachi Energy (2) and Medtronic. They also published updates for three advisories for products from MiCODUS and AutomationDirect (2).

Host Engineering Advisory - This advisory describes a stack-based buffer overflow vulnerability in the Host Engineering H0-ECOM100 Communications Module.

Dataprobe Advisory - This advisory describes seven vulnerabilities in the Dataprobe iBoot-PDU.

Hitachi Energy Advisory #1 - This advisory discusses a stack-based buffer overflow vulnerability in the Hitachi Energy AFF660/665 Firewall.

NOTE: I briefly discussed this vulnerability on July 30th, 2022.

Hitachi Energy Advisory #2 - This advisory discusses an improper access control vulnerability, with a known exploit, in the Hitachi Energy PROMOD IV and the PROMOD-Generator energy planning systems.

I briefly discussed this vulnerability on June 18th, 2022.

Medtronic Advisory - This advisory describes a protection measure failure vulnerability in the Medtronic NGP 600 Series Insulin Pumps and accessory components.

MiCODUS Update - This update provides additional information on an advisory that was originally published on July 19th, 2022.

AutomationDirect Update #1 - This update provides additional information on an advisory that was originally published on June 16th, 2022.

AutomationDirect Update #2 - This update provides additional information on an advisory that was originally published on June 16th, 2022.

For more details on the NCCIC-ICS reports, including links to researcher reports, third-party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/5-advisories-and-3-updates-published - subscription required.
