Review – 3 Advisories Published – 12-13-22

Today, CISA’s NCCIC-ICS published three control system security advisories for products from Contec, Schneider Electric, and ICONICS/Mitsubishi.

Contec Advisory - This advisory describes an OS command injection vulnerability in the CONPROSYS HMI System (CHS).

Schneider Advisory - This advisory describes four vulnerabilities in the Schneider APC Easy UPS Online.

ICONICS Advisory - This advisory describes a path traversal vulnerability in the ICONICS (Mitsubishi) ICONICS Product Suite.

 

For more details about these advisories, including a down-the-rabbit-hole look at how Contec looks at secure control systems, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/3-advisories-published-12-13-22 - subscription required.