Review – 6 Advisories Published – 11-2-23

Today, CISA’s NCCIC-ICS published six control system security advisories for products from Schneider Electric, Weintek, Franklin Fueling Systems, Mitsubishi Electric (2), and Red Lion.

Advisories

Schneider Advisory - This advisory describes two vulnerabilities in the Schnieder SpaceLogic C-Bus Toolkit.

Weintek Advisory - This advisory describes a use of hard-coded credentials vulnerability in the Weintek EasyBuilder Pro products.

Franklin Advisory - This advisory describes a use of password hash with insufficient computational effort vulnerability in the Franklin Fueling Systems TS-550 product.

Mitsubishi Advisory #1 - This advisory describes an insufficient verification of data authenticity vulnerability in the Mitsubishi MELSEC Series products.

Mitsubishi Advisory #2 - This advisory describes an improper restriction of excessive authentication attempts vulnerability in the Mitsubishi MELSEC iQ-F Series products.

Red Lion Advisory - This advisory describes an improper neutralization of null byte or null character vulnerability in the Red Lion Crimson 3.2 Windows-based configuration tool.

 

For more details about these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-published-11-2-23 - subscription required.