Today, CISA’s NCCIC-ICS published four control system security advisories for products from Horner Automation, Johnson Controls, LS ELECTRIC, and Control By Web. They also update two advisories for products from ARC and Omron.
Advisories
Horner Advisory - This advisory describes
three vulnerabilities in the Horner Cscape Envision RV, a control system remote
access management software.
Johnson Control Advisory - This advisory describes
two vulnerabilities in the Johnson Controls Metasys System Configuration Tool.
LS ELECTRIC Advisory - This advisory describes
seven vulnerabilities in the LS ELECTRIC XBC-DN32U PLC performance module.
Control By Web Advisory - This advisory describes two vulnerabilities in the Control By Web X-400 and X-600M, web enabled I/O Controllers.
Updates
ARC Update - This update
provides additional information on an advisory that was originally
published on December 20th, 2022.
NOTE: I briefly
discussed ARC’s
update on January 28th, 2023.
Omron Update - This update
provides additional information on an advisory that was originally
published on June 28th, 2022.
For more information on these advisories, including links to
researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-and-2-updates-2-9-23
- subscription required.
Posts
No comments:
Post a Comment