Today, CISA’s NCCIC-ICS published three control system security advisories for products from Siemens, Mitsubishi Electric, and GE Digital. They also updated an advisory for products from Contec.
Advisories
Siemens Advisory - This advisory discusses
twelve vulnerabilities in the Siemens SINEC Infrastructure Network Services
(INS).
NOTE: I briefly
discussed these vulnerabilities on Sunday.
Mitsubishi Advisory - This advisory describes
a predictable seed in the PRNG of Mitsubishi MELSEC iQ-F and iQ-R Series
products.
GE Advisory - This advisory describes five vulnerabilities in the GE Digital Proficy Historian.
Update
Contec Update - This update
provides additional information on an advisory that was originally
published on December 13th, 2022.
NOTE: This update is based upon an update of the JP-CERT
advisory that was
published on January 10th.
For more details about these advisories, including links to
third-party advisories and exploits, see my article at CFSN Detailed Analysis -
https://patrickcoyle.substack.com/p/3-advisories-and-1-update-published-f4a
- subscription required.
Posts
No comments:
Post a Comment