Friday, December 23, 2022

Review – 4 Advisories Published – 12-22-22

Yesterday, CISA’s NCCIC-ICS published four control system security advisories for products from Omron, Mitsubishi Electric, Rockwell Automation, and Priva.

Omron Advisory - This advisory describes an out-of-bounds write vulnerability in the Omron CX-Programmer.

NOTE: I briefly discussed this vulnerability (and two others reported at the same time) on November 26th, 2022 and most recently updated that discussion on December 18th, 2022.

Mitsubishi Advisory - This advisory describes an improper resource shutdown or release vulnerability in the Mitsubishi MELSEC iQ-R, iQ-L Series and MELIPC Series CPU modules.

Rockwell Advisory - This advisory describes an improper access control vulnerability in the Rockwell Studio 5000 Logix Emulate product.

Priva Advisory - This advisory describes a use of password hash with insufficient computational effort vulnerability in the Priva TopControl Suite.


For more details about these advisories, see my article at CFSN Detailed Analysis - - subscription required.

No comments:

/* Use this with templates/template-twocol.html */