Today, CISA’s NCCIC-ICS published four control system security advisories for products from Mitsubishi Electric, Ovarro, Schneider, and Delta Electronics. They published a medical device security advisory for products from Medtronic. They also updated four advisories for products from Enphase, Mitsubishi (2), and Rockwell Automation.
Advisories
Mitsubishi Advisory -
This advisory
describes an authentication bypass by capture replay vulnerability in the
Mitsubishi MELSEC-F Series products if they are used with ethernet
communication special adapter FX3U-ENET-ADP or ethernet communication block
FX3U-ENET(-L).
Ovarro Advisory -
This advisory
describes six vulnerabilities for the Ovarro TBox RTUs.
Schneider Advisory -
This advisory
describes a control injection vulnerability in the Schneider EcoStruxure
Operator Terminal Expert.
Delta Advisory - This
advisory
describes three vulnerabilities in the Delta InfraSuite Device Master product.
Medtronic Advisory - This advisory describes a deserialization of untrusted data vulnerability in the Medtronic Paceart Optima System.
Updates
Enphase Update - This
update
provides additional information on an advisory that was originally published on
June 20th, 2023 (Not June 22nd).
Mitsubishi Update #1 -
This update
provides additional information on an advisory that was originally published on
December 6th, 2022 and most recently updated on June 1st,
2023.
Mitsubishi Update #2 -
This update
provides additional information on an advisory that was originally published on
September 1st, 2020 and most recently updated on September 22nd,
2022 (Not September 30th).
Rockwell Update -
This update
provides additional information on an advisory that was originally published on
April 30th, 2019.
For additional information on these advisories, including a
down-the-rabbit-hole look at the Enphase vulnerability response – see my
article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/5-advisories-and-4-updates-published
- subscription required.
Posts
No comments:
Post a Comment