Today, CISA’s NCCIC published four control system security advisories for products from Johnson Controls, TEL-STER, and Mitsubishi (2). They also updated an advisory for products from Mitsubishi. Mitsubishi updated two additional advisories today, I will cover them this weekend.
Advisories
Johnson Controls Advisory
- This advisory
describes an acceptance of extraneous untrusted data with trusted data
vulnerability in the Johnson Controls VideoEdge NVRs.
TEL-STER Advisory -
This advisory
describes a path traversal vulnerability in the TEL-STER TelWin SCADA Web Interface.
Mitsubishi Advisory
#1 - This advisory
describes a weak encoding for password vulnerability in the Mitsubishi GT
Designer3, GOT2000 Series, GOT SIMPLE Series, and GT SoftGOT2000 product lines.
Mitsubishi Advisory #2 - This advisory describes a predictable exact value from previous values vulnerability in the Mitsubishi GOT2000 Series and GOT SIMPLE Series products.
Updates
Mitsubishi Update -
This update
provides additional information on an advisory that was originally published on
July 27th, 2023.
For more information on these advisories, see my article at
CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-and-1-update-published-a84
- subscription required.
Posts
No comments:
Post a Comment