Today, CISA’s NCCIC-ICS published three control system security advisories for products from Mitsubishi Electric, PTC and ETIC Telecom. They also updated two advisories for products from Mitsubishi and ETIC.
Advisories
Mitsubishi Advisory -
This advisory
describes a classic buffer overflow vulnerability in the Mitsubishi CNC Series
devices.
PTC Advisory - This
advisory
describes an uncontrolled resource consumption vulnerability in the PTC KEPServerEX.
ETIC Advisory - This advisory describes an insecure default initialization of resource vulnerability in the ETIC Remote Access Server (RAS).
Updates
Mitsubishi Update -
This update
provides additional information on an advisory that was originally published on
August 9th, 2022 and most recently updated on August 18th,
2022 (not 8-16-23).
ETIC Update - This
update
provides additional information on an advisory that was originally published on
November 11th, 2022.
For more details about these advisories, including links to
vendor advisories and researcher reports, see my article at CFSN Detailed
Analysis - https://patrickcoyle.substack.com/p/3-advisories-and-2-updates-published-9a3
- subscription required.
Posts
No comments:
Post a Comment