Today, CISA’s NCCIC-ICS published seven control system security advisories for products from Landis+Gyr, Rockwell Automation, Mitsubishi Electric, Sierra Wireless, Snap One, Econolite and Delta Electronics. They also published an update for an advisory for products from Mitsubishi.
Advisories
Landis+Gyr Advisory - This advisory describes
a reliance on cookies without validation vulnerability in the Landis+Gyr E850
(ZMQ200) precision meter.
Rockwell Advisory - This advisory discusses
two vulnerabilities in multiple Rockwell products using the GoAhead web server.
NOTE: These vulnerabilities in the GoAhead web server from
EmbedThis were originally
reported by CISCO Talos in 2019.
Mitsubishi Advisory - This advisory describes
an active debug code vulnerability in the Mitsubishi MELFA SD/SQ series and
F-series Robot Controllers.
Sierra Wireless Advisory - This advisory describes
two vulnerabilities in the Sierra Wireless AirLink routers.
Snap One Advisory - This advisory describe
four vulnerabilities in the Snap One Wattbox WB-300-IP-3, a surge protector.
Econolite Advisory - This advisory describes
two vulnerabilities in the Econolite EOS automated traffic control software.
Delta Advisory - This advisory describes a stack-based buffer overflow vulnerability in the Delta Electronics CNCSoft software management platform.
Updates
Mitsubishi Update - This update
provides additional information on an advisory that was originally
published on January 17th, 2023.
For more details about these advisories, including links to
researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/7-advisories-and-1-update-published-c83
- subscription required.
Posts
No comments:
Post a Comment