Review – 5 Advisories and 1 Update Published – 9-26-23

Today, CISA’s NCCIC-ICS published five control system security advisories for products from Baker Hughes, Advantech, Mitsubishi, Hitachi Energy, and Suprema. They also updated an advisory for products from SOCOMEC.

Advisories

Baker Hughes Advisory - This advisory describes three vulnerabilities in the Baker Hughes Bently Nevada 3500 System TDI Firmware.

Advantech Advisory - This advisory describes two cross-site scripting vulnerabilities in the Advantech EKI-1524, EKI-1522, EKI-1521 devices.

Mitsubishi Advisory - This advisory describes an incorrect default permissions vulnerability in the Mitsubishi FA Engineering Software.

Hitachi Energy Advisory - This advisory describes an improper authentication vulnerability in the Hitachi Energy Asset Suite 9.

Suprema Advisory - This advisory describes an SQL injection vulnerability in the Suprema BioStar product.

Updates

SOCOMEC Update - This update provides additional information on an advisory that was originally published on January 24^th, 2023.

 

For more information on these advisories, including links to exploits and researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/5-advisories-and-1-update-published-942 - subscription required.