Yesterday, CISA’s NCCIC-ICS published four control system security advisories for products from Omron, Mitsubishi Electric, Rockwell Automation, and Priva.
Omron Advisory - This
advisory
describes an out-of-bounds write vulnerability in the Omron CX-Programmer.
NOTE: I briefly
discussed this vulnerability (and two others reported at the same time) on
November 26th, 2022 and most
recently updated that discussion on December 18th, 2022.
Mitsubishi Advisory -
This advisory
describes an improper resource shutdown or release vulnerability in the
Mitsubishi MELSEC iQ-R, iQ-L Series and MELIPC Series CPU modules.
Rockwell Advisory -
This advisory
describes an improper access control vulnerability in the Rockwell Studio 5000
Logix Emulate product.
Priva Advisory - This
advisory
describes a use of password hash with insufficient computational effort
vulnerability in the Priva TopControl Suite.
For more details about these advisories, see my article at
CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-published-12-22-22
- subscription required.
Posts
No comments:
Post a Comment