Thursday, January 26, 2023

Review – 7 Advisories and 1 Update Published – 1-26-23

Today, CISA’s NCCIC-ICS published seven control system security advisories for products from Landis+Gyr, Rockwell Automation, Mitsubishi Electric, Sierra Wireless, Snap One, Econolite and Delta Electronics. They also published an update for an advisory for products from Mitsubishi.


Landis+Gyr Advisory - This advisory describes a reliance on cookies without validation vulnerability in the Landis+Gyr E850 (ZMQ200) precision meter.

Rockwell Advisory - This advisory discusses two vulnerabilities in multiple Rockwell products using the GoAhead web server.

NOTE: These vulnerabilities in the GoAhead web server from EmbedThis were originally reported by CISCO Talos in 2019.

Mitsubishi Advisory - This advisory describes an active debug code vulnerability in the Mitsubishi MELFA SD/SQ series and F-series Robot Controllers.

Sierra Wireless Advisory - This advisory describes two vulnerabilities in the Sierra Wireless AirLink routers.

Snap One Advisory - This advisory describe four vulnerabilities in the Snap One Wattbox WB-300-IP-3, a surge protector.

Econolite Advisory - This advisory describes two vulnerabilities in the Econolite EOS automated traffic control software.

Delta Advisory - This advisory describes a stack-based buffer overflow vulnerability in the Delta Electronics CNCSoft software management platform.


Mitsubishi Update - This update provides additional information on an advisory that was originally published on January 17th, 2023.


For more details about these advisories, including links to researcher reports and exploits, see my article at CFSN Detailed Analysis - - subscription required.

No comments:

/* Use this with templates/template-twocol.html */