Today, CISA’s NCCIC-ICS published four control system security advisories for Johnson Controls, Hitachi Energy, Mitsubishi and Carlo Gavazzi. They also updated an advisory for products from Rockwell.
Advisories
Johnson Controls
Advisory - This advisory describes
two vulnerabilities in the Johnson Controls OpenBlue Enterprise Manager Data
Collector.
Hitachi Energy
Advisory - This advisory discusses
a permissions, privileges and access controls vulnerability in the Hitachi
Energy MicroSCADA Pro/X SYS600 products.
Mitsubishi Advisory -
This advisory
describes an authentication bypass vulnerability in the Mitsubishi Electric
MELSEC WS Series ethernet interface module.
Carlo Gavazzi
Advisory - This advisory describes
a path traversal vulnerability in the Carlo Gavazzi Powersoft energy management
software.
Rockwell Update - This update provides new information on an advisory that was originally published on February 20th, 2020.
Updates
Rockwell Update -
This update
provides new information on an advisory that was originally published on February
20th, 2020.
For more details on these advisories, including links to
third-party advisories and exploits, see my article at CFSN Detailed Analysis -
https://patrickcoyle.substack.com/p/4-advisories-and-1-update-published-51a
- subscription required.
Posts
No comments:
Post a Comment