Today, CISA’s NCCIC-ICS published four control system security advisories for products from Johnson Controls, Hitachi Energy, Horner Automation, and Omron. They also published a medical device advisory for products from BD.
Johnson Controls Advisory - This advisory describes an improper authentication vulnerability in the Johnson Controls Metasys ADX Server.
Hitachi Energy Advisory - This advisory describes two vulnerabilities in the Hitachi Energy Modular Switchgear Monitoring product.
NOTE: I briefly discussed these vulnerabilities on July 16th, 2022.
Horner Advisory - This advisory describes two vulnerabilities in the Horner Cscape PLC control software.
Omron Advisory - This advisory describes three separate out-of-bounds write vulnerabilities in the Omron CX-Programmer.
BD Advisory - This advisory describes a use of hard-coded credentials vulnerability in the BD Totalys MultiProcessor.
NOTE: The BD advisory notes that they have reported this vulnerability to the FDA, but there is nothing on the FDA cybersecurity web site about the vulnerability, probably because the vulnerability only affects patient information.
For more details about these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/5-advisories-published-10-4-22 - subscription required.