Today, CISA’s NCCIC-ICS published five control system security advisories for products from EuroTel, Open Design Alliance, EFACEC (2), and Subnet Solutions. They also updated two advisories for products from Mitsubishi and Johnson Controls.
Advisories
EuroTel Advisory -
This advisory
describes three vulnerabilities in the EuroTel ETL3100 radio transmitter.
ODA Advisory - This
advisory
describes three vulnerabilities in the ODA Drawing SDK tool.
EFACEC Advisory #1 -
This advisory
describes four vulnerabilities in the EFACEC UC 500E HMI.
EFACEC Advisory #2 -
This advisory
describes two vulnerabilities in the EFACEC BCU 500 automation and control IED.
Subnet Advisory - This advisory describes an unquoted search path or element vulnerability in the Subnet PowerSYSTEM Center multi-function management platform.
Updates
Mitsubishi Update -
This update
provides additional information on the MELSEC iQ-R, Q and L Series advisory
that was originally published on October 29th, 2020 and most
recently updated on April 4th, 2022.
Johnson Controls
Update - This update
provides additional information on the Johnson Controls Metasys and Facility
Explorer that was originally published on December 7th, 2023.
For more details about these advisories, including links to researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/5-advisories-and-2-updates-published-2c9 - subscription required.
Posts
No comments:
Post a Comment