Today, CISA’s NCCIC-ICS published five control system security advisories for products from Moxa, GE, Phoenix Contact, Digital Alert Systems, and AVEVA. They updated two control system advisories for products from Moxa and one medical device security advisory for products from Hillrom.
Security Advisories
Moxa Advisory - This advisory describes
an execution with unnecessary privilege vulnerability in the Moxa ARM-Based
Computers.
GE Advisory - This advisory describes
five vulnerabilities in the GE CIMPLICITY HMI/SCADA software.
Phoenix Contact Advisory - This advisory describes
two vulnerabilities in the Phoenix Contact Automation Worx Software Suite.
NOTE: I briefly
discussed these vulnerabilities on November 13th, 2022.
Digital Alert Advisory - This advisory describes
two cross-site scripting vulnerabilities (one with known exploit) in the
Digital Alert Systems DASDEC emergency messaging devices.
AVEVA Advisory - This advisory describes four vulnerabilities in the AVEVA Edge (InduSoft Web Studio).
Security Updates
Mitsubishi Update #1 - This update
provides additional information on an advisory that was originally
published on July 30th, 2020 and most
recently updated on August 2nd, 2022.
I briefly
discussed the Mitsubishi update last weekend.
Mitsubishi Update #2 - This update
provides additional information on an advisory that was originally
published on February 18th, 2021 and most
recently updated on August 2nd, 2022.
I briefly
discussed the Mitsubishi update last weekend.
Hillrom Update - This update
provides additional information on an advisory that was originally
published on June 1st, 2021 and most
recently updated on September 8th, 2022.
Posts
No comments:
Post a Comment