Review – 4 Advisories Published – 3-14-23

Today, CISA’s NCCIC-ICS published four control system security advisories for products from Aveva, GE Digital, Autodesk and Omron.

Advisories

Aveva Advisory - This advisory describes an improper authorization vulnerability in the Aveva Plant SCADA and AVEVA Telemetry Server products.

GE Advisory - This advisory describes a code injection vulnerability in the GE Proficy iFIX product.

Autodesk Advisory - This advisory describes three vulnerabilities in the Autodesk FBX SDK software.

Omron Advisory - This advisory describes an improper access control vulnerability in the Omron SYSMAC CJ- and CS-series programmable logic controller.

 

For more details about these advisories, including a discussion about a discrepancy in the reported third-party vulnerability to the Autodesk vulnerabilities, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-published-3-14-23 - subscription required.