Review – 4 Advisories and 1 Update – 3-2-23

Today, CISA’s NCCIC-ICS published three control system security advisories for products from Rittal, Baicells, and Mitsubishi. They also published a medical device security advisory for products from Medtronic. They updated a control system security advisory for products from Mitsubishi.

Advisories

Rittal Advisory - This advisory describes an improper access control vulnerability in the Rittal CMC III locks.

Baicells Advisory - This advisory described a command injection vulnerability in the Baicells LTE TDD eNodeB devices.

Mitsubishi Advisory - This advisory describes a plain-text storage of a password vulnerability in the Mitsubishi Electric MELSEC iQ-F products.

Medtronic Advisory - This advisory describes an unverified password change vulnerability in the Medtronic Micros Clinician (A51200) app and InterStim X Clinician (A51300).

Updates

Mitsubishi Update - This update provides additional information on an advisory that was originally published on July 30^th, 2020 and most recently updated on November 22^nd, 2022.

 

For more details on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-and-1-update-3-2-23 - subscription required.