Thursday, February 9, 2023

Review – 4 Advisories and 2 Updates – 2-9-23

Today, CISA’s NCCIC-ICS published four control system security advisories for products from Horner Automation, Johnson Controls, LS ELECTRIC, and Control By Web. They also update two advisories for products from ARC and Omron.

Advisories

Horner Advisory - This advisory describes three vulnerabilities in the Horner Cscape Envision RV, a control system remote access management software.

Johnson Control Advisory - This advisory describes two vulnerabilities in the Johnson Controls Metasys System Configuration Tool.

LS ELECTRIC Advisory - This advisory describes seven vulnerabilities in the LS ELECTRIC XBC-DN32U PLC performance module.

Control By Web Advisory - This advisory describes two vulnerabilities in the Control By Web X-400 and X-600M, web enabled I/O Controllers.

Updates

ARC Update - This update provides additional information on an advisory that was originally published on December 20th, 2022.

NOTE: I briefly discussed ARC’s update on January 28th, 2023.

Omron Update - This update provides additional information on an advisory that was originally published on June 28th, 2022.

 

For more information on these advisories, including links to researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-and-2-updates-2-9-23 - subscription required.

No comments:

 
/* Use this with templates/template-twocol.html */