Today, CISA’s NCCIC-ICS published six control system security advisories for products from mySCADA Technologies, Hitachi Energy, Korenix, JTEKT (2), and Industrial Control Links. They also updated an advisory for products from Rockwell Automation.
Advisories
mySCADA Advisory -
This advisory
describes five OS command injection vulnerabilities in the mySCADA myPRO products.
Hitachi Energy Advisory
- This advisory
describes five vulnerabilities in their MicroSCADA System Data Manager SDM600
Product.
Korenix Advisory -
This advisory
describes three vulnerabilities in the Korenix Jetwave industrial wireless
gateways.
JTEKT Advisory #1 -
This advisory
describes three vulnerabilities in the JTEKT Kostac PLC Programming Software.
JTEKT Advisory #2 -
This advisory
describes seven vulnerabilities in the JTEKT Screen Creator Advance product.
Industrial Control Link Advisory - This advisory describes an external control of file name or path vulnerability in the ICL ScadaFlex II SCADA Controller SC-1 and SC-2 devices.
NOTE: I previously reported on the vulnerabilities listed in five of the six advisories
Updates
Rockwell Update -
This update
provides additional information on an advisory that was originally published on
February 20th, 2020.
For more details on these advisories, including links to my earlier
reports, vendor advisories, researcher reports, and exploits, see my article at
CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-and-1-update-published-7aa
- subscription required.
Posts
No comments:
Post a Comment