Thursday, October 26, 2023

Review – 8 Advisories and 1 Update Published – 10-26-23

Today, CISA’s NCCIC-ICS published eight control system security advisories for products from Sielco, Rockwell Automation, Ashlar-Vellum, Centralite, and Dingtian. They also updated a medical device security advisory for products from BD Alaris.

Advisories

Sielco Advisory #1 - This advisory describes four vulnerabilities in the Sielco Analog FM Transmitters and Radio Link.

Sielco Advisory #2 - This advisory describes seven vulnerabilities in the Sielco PolyEco FM transmitters.

Rockwell Advisory #1 - This advisory describes an improper authentication vulnerability in the Rockwell FactoryTalk Services Platform web service.

Rockwell Advisory #2 - This advisory describes an improper input validation vulnerability in the Rockwell FactoryTalk View Site Edition.

Rockwell Advisory #3 - This advisory describes two vulnerabilities in the Rockwell Arena simulation software.

Ashlar-Vellum Advisory - This advisory describes two vulnerabilities in the Ashlar-Vellum Cobalt, Graphite, Xenon, Argon, Lithium, and Cobalt Share modeling programs.

Centralite Advisory - This advisory describes an allocation of resources without limits or throttling vulnerability in the Centralite Pearl Thermostat.

Dingtian Advisory - This advisory describes an authentication bypass by capture-replay vulnerability in the Dingtian DT-R002 relay.

Updates

BD Alaris Update - This update provides additional information on an advisory that was originally published on July 13th, 2023.

 

For more information on these advisories, including links to researcher advisories and a down-the-rabbit-hole look at one of the Rockwell advisories, see https://patrickcoyle.substack.com/p/8-advisories-and-1-update-published (subscription required).

 
