Review – 7 Advisories Published – 7-18-23

Today, CISA’s NCCIC-ICS published seven control system security advisories for products from WellinTech, GE, GeoVision, Weintek, Iagona, Keysight, and Rockwell Automation.

Advisories

WellinTech Advisory - This advisory describes two vulnerabilities in the WellinTech KingHistorian.

GE Advisory - This advisory describes a heap-based buffer overflow vulnerability in the GE Digital CIMPLICITY product.

GeoVision Advisory - This advisory describes an improper authentication vulnerability in the GeoVision GV-ADR2701 cameras.

Weintek Advisory - This advisory describes four vulnerabilities in the Weintek Weincloud product.

Iagona Advisory - This advisory describes four vulnerabilities in the Iagona ScrutisWeb ATM monitoring product.

Keysight Advisory - This advisory describes two vulnerabilities in the Keysight Geolocation Server.

Rockwell Advisory - This advisory describes an uncontrolled resource consumption vulnerability in the Rockwell Kinetix 5700 DC Bus Power Supply Series A.

 

For more details about the advisories, including links to exploits and researcher reports as well as a discussion about missing vulnerabilities, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/7-advisories-published-7-18-23 - subscription required.