Tuesday, October 25, 2022

Review – 8 Advisories Published – 10-25-22

Today, CISA’s NCCIC-ICS published seven control system security advisories for products from Delta Electronics (2), Johnson Controls, Hitachi Energy, Siemens, HEIDENHAIN, and Haas Automation. They also published a medical device security advisory for products from AliveCor.

Delta Advisory #1 - This advisory describes ten vulnerabilities in the Delta InfraSuite Device Master.

Delta Advisory #2 - This advisory describes eight vulnerabilities in the Delta DIAEnergie.

Johnson Controls Advisory - This advisory describes a cross-site scripting vulnerability in the Johnson Controls (CKS subsidiary) CEVAS deployment management and billing system.

Hitachi Energy Advisory - This advisory describes two reliance on uncontrolled component vulnerabilities in the Hitachi Energy DMS600 integrated with MicroSCADA X.

NOTE: I briefly reported on these vulnerabilities on October 15th, 2022.

Siemens Advisory - This advisory describes a weak authentication vulnerability in the Siemens Siveillance Video Mobile Server.

NOTE: I briefly reported on this vulnerability this last weekend.

HEIDENHAIN Advisory - This advisory describes an improper authentication vulnerability in the HEIDENHAIN TNC 640 controlling a HARTFORD 5A-65E CNC machine.

Haas Advisory - This advisory describes three vulnerabilities in the Haas Controller.

AliveCor Advisory - This advisory describes two vulnerabilities in the AliveCor KardiaMobile smartphone-based personal electrocardiogram (EKG) device.

 

For more details about these advisories, including links to third-party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/8-advisories-published-10-25-22 - subscription required.

