Tuesday, October 4, 2022

Review – 5 Advisories Published – 10-4-22

Today, CISA’s NCCIC-ICS published four control system security advisories for products from Johnson Controls, Hitachi Energy, Horner Automation, and Omron. They also published a medical device advisory for products from BD.

Johnson Controls Advisory - This advisory describes an improper authentication vulnerability in the Johnson Controls Metasys ADX Server.

Hitachi Energy Advisory - This advisory describes two vulnerabilities in the Hitachi Energy Modular Switchgear Monitoring product.

NOTE: I briefly discussed these vulnerabilities on July 16th, 2022.

Horner Advisory - This advisory describes two vulnerabilities in the Horner Cscape PLC control software.

Omron Advisory - This advisory describes three separate out-of-bounds write vulnerabilities in the Omron CX-Programmer.

BD Advisory - This advisory describes a use of hard-coded credentials vulnerability in the BD Totalys MultiProcessor.

NOTE: The BD advisory notes that they have reported this vulnerability to the FDA, but there is nothing on the FDA cybersecurity web site about the vulnerability, probably because the vulnerability only affects patient information.

 

For more details about these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/5-advisories-published-10-4-22 - subscription required.

