Tuesday, January 17, 2023

Review – 3 Advisories and 1 Update Published – 1-17-23

Today, CISA’s NCCIC-ICS published three control system security advisories for products from Siemens, Mitsubishi Electric, and GE Digital. They also updated an advisory for products from Contec.


Siemens Advisory - This advisory discusses twelve vulnerabilities in the Siemens SINEC Infrastructure Network Services (INS).

NOTE: I briefly discussed these vulnerabilities on Sunday.

Mitsubishi Advisory - This advisory describes a predictable seed in the PRNG of Mitsubishi MELSEC iQ-F and iQ-R Series products.

GE Advisory - This advisory describes five vulnerabilities in the GE Digital Proficy Historian.


Contec Update - This update provides additional information on an advisory that was originally published on December 13th, 2022.

NOTE: This update is based upon an update of the JP-CERT advisory that was published on January 10th.


For more details about these advisories, including links to third-party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/3-advisories-and-1-update-published-f4a - subscription required.

No comments:

/* Use this with templates/template-twocol.html */