Thursday, March 23, 2023

Review – 6 Advisories Published – 3-23-23

Today, CISA’s NCCIC-ICS published six control system security advisories for products from ProPump and Controls, ABB, Schneider Electric, SAUTER, CP Plus and RoboDK.

Advisories

ProPump Advisory - This advisory describes nine vulnerabilities in the ProPump Osprey Pump Controller.

ABB Advisory - This advisory describes two vulnerabilities in the ABB NE843 Pulsar Plus Controller.

Schneider Advisory - This advisory describes eight vulnerabilities in the Schneider Interactive Graphical SCADA System (IGSS).

SAUTER Advisory - This advisory describes five vulnerabilities in the SAUTER EY-modulo 5 Building Automation Stations.

CP Plus Advisory - This advisory describes an insufficiently protected credentials vulnerability in the CP Plus KVMS Pro.

RoboDK Advisory - This advisory describes an incorrect permission assignment for critical resource vulnerability in the RoboDK robot development kit.

NOTE: This was a relatively bad day for system owners as four of the six vendors had little or no response towards fixing the identified vulnerabilities.

For more details about these advisories, including links to researcher reports and exploits, as well as a description of vendor responses, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-published-3-23-23 - subscription required.
