Tuesday, November 29, 2022

Review – 5 Advisories and 2 Updates Published – 11-29-22

Today, CISA’s NCCIC-ICS published five control system security advisories for products from Mitsubishi (2), Moxa, and Hitachi Energy (2). They also updated advisories for products from Omron and Mitsubishi.

Mitsubishi Advisory #1 - This advisory describes ten vulnerabilities in the Mitsubishi FA Engineering software.

NOTE: I briefly discussed these vulnerabilities on Saturday.

Mitsubishi Advisory #2 - This advisory describes an improper input validation vulnerability in the GOT2000 series. The vulnerability was self-reported. Mitsubishi has new versions that mitigate the vulnerability.

NOTE: I briefly discussed this vulnerability on Saturday.

Moxa Advisory - This advisory describes an improper physical access control vulnerability in the Moxa UC Series, industrial internet-of-things (IIoT) gateway devices.

Hitachi Energy Advisory #1 - This advisory describes an improper input validation vulnerability in the Hitachi Energy MicroSCADA Pro/X SYS600 products.

NOTE: I briefly discussed this vulnerability on November 19th.

Hitachi Energy Advisory #2 - This advisory discusses a cleartext storage of sensitive information vulnerability in the Hitachi Energy IED Connectivity Packages and PCM600 products.

NOTE: I briefly discussed this vulnerability on November 19th.

Omron Update - This update provides additional information on an advisory that was originally published on December 12th, 2019.

Mitsubishi Update - This update provides additional information on an advisory that was originally published on November 30th, 2021 and most recently updated on July 26th, 2022.

NOTE: I briefly discussed this vulnerability on November 19th.

 

For more information on these advisories and updates, including links to 3rd party advisories and summaries of changes in updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/5-advisories-and-2-updates-published-dfb - subscription required.


No comments:

 
/* Use this with templates/template-twocol.html */