Friday, December 23, 2022

Review – 4 Advisories Published – 12-22-22

Yesterday, CISA’s NCCIC-ICS published four control system security advisories for products from Omron, Mitsubishi Electric, Rockwell Automation, and Priva.

Omron Advisory - This advisory describes an out-of-bounds write vulnerability in the Omron CX-Programmer.

NOTE: I briefly discussed this vulnerability (and two others reported at the same time) on November 26th, 2022 and most recently updated that discussion on December 18th, 2022.

Mitsubishi Advisory - This advisory describes an improper resource shutdown or release vulnerability in the Mitsubishi MELSEC iQ-R, iQ-L Series and MELIPC Series CPU modules.

Rockwell Advisory - This advisory describes an improper access control vulnerability in the Rockwell Studio 5000 Logix Emulate product.

Priva Advisory - This advisory describes a use of password hash with insufficient computational effort vulnerability in the Priva TopControl Suite.

 

For more details about these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-published-12-22-22 - subscription required.

