Today CISA’s NCCIC-ICS published six control system and one medical device security advisories for products from Honeywell, Rockwell Automation, Siemens (4), and BD. They also updated advisories for products from Enphase and Mitsubishi.
There were two additional Siemens advisories (and 12 updates that CISA no longer covers) that were published this week that were not addressed here (including the one for the missing CISA advisory). I will be addressing those this weekend.
Advisories
Honeywell Advisory - This advisory describes nine vulnerabilities in the Honeywell Experion PKS, LX, and PlantCruise DCS products.
Rockwell Advisory - This advisory describes a cross-site scripting vulnerability in the Rockwell PowerMonitor 1000 product.
SIMATIC Advisory #1 - This advisory discusses thirteen vulnerabilities in the Siemens SIMATIC MV500 series devices.
SIMATIC Advisory #2 - This advisory is currently returning a “Page Not Found” message.
SiPass Advisory - This advisory describes an improper input validation vulnerability in the Siemens SiPass Integrated access control product.
RUGGEDCOM ROX Advisory - This advisory discusses 21 vulnerabilities in the Siemens RUGGEDCOM ROX Ethernet switches.
BD Advisory - This advisory describes eight vulnerabilities in a variety of BD products.
Updates
Enphase Update - This update provides additional information on an advisory that was originally published on June 22nd, 2023.
Mitsubishi Update - This update provides additional information on an advisory that was originally published on December 22nd, 2022.
For more details about these advisories, including links to researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/7-advisories-and-2-updates-published-916 - subscription required.