Thursday, March 23, 2023

Review – 6 Advisories Published – 3-23-23

Today, CISA’s NCCIC-ICS published six control system security advisories for products from ProPump and Controls, ABB, Schneider Electric, SAUTER, CP Plus and RoboDK.


ProPump Advisory - This advisory describes nine vulnerabilities in the ProPump Osprey Pump Controller.

ABB Advisory - This advisory describes two vulnerabilities in the ABB NE843 Pulsar Plus Controller.

Schneider Advisory - This advisory describes eight vulnerabilities in the Schneider Interactive Graphical SCADA System (IGSS).

SAUTER Advisory - This advisory describes five vulnerabilities in the SAUTER EY-modulo 5 Building Automation Stations.

CP Plus Advisory - This advisory describes an insufficiently protected credentials vulnerability in the CP Plus KVMS Pro.

RoboDK Advisory - This advisory describes an incorrect permission assignment for critical resource in the RoboDK robot development kit.

NOTE: This was a relatively bad day for system owners as four of the six vendors had little or no response towards fixing the identified vulnerabilities.


For more details about these advisories, including links to researcher reports and exploits, as well as a description of vendor responses, see my article at CFSN Detailed Analysis - - subscription required.

No comments:

/* Use this with templates/template-twocol.html */