Today, CISA’s NCCIC-ICS published two control system security advisories for products from FXC and QNAP. The two reported vulnerabilities were also added to the CISA Known Exploited Vulnerabilities Catalog.
Advisories
QNAP Advisory - This advisory describes an OS command injection vulnerability in the QNAP VioStor NVR QVR firmware.
FXC Advisory - This advisory describes an OS command injection vulnerability in the FXC AE1021 and AE1021PE LAN routers.
Commentary
CISA needs to be more proactive about sharing credit for
vulnerability discoveries. While reporting the researcher names in their advisories
is important, it would be more appropriate to include links to the researcher
reports that provide additional details about the vulnerabilities being
reported. Links to publicly available exploits would also be helpful.
For more details about these advisories, including links to researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/2-advisories-published-12-21-23 - subscription required.