Review – 6 Advisories Published – 1-23-24

Today, CISA’s NCCIC-ICS published five control system security advisories for products from Lantronix, Westermo, Voltronic Power, Crestron, and APsystems, and one medical device security advisory for products from Orthanc.

Advisories

Lantronix Advisory - This advisory describes a weak encoding for passwords vulnerability in the Lantronix XPort Device Server Configuration Manager.

Westermo Advisory - This advisory describes eight vulnerabilities in the Westermo Lynx 206-F2G layer-three industrial Ethernet switch.

Voltronic Advisory - This advisory describes four vulnerabilities in the Voltronic ViewPower Pro Uninterruptable Power Supply (UPS) management software.

APsystems Advisory - This advisory describes an improper access control vulnerability in the APsystems Energy Communication Unit (ECU-C) Power Control Software.

Orthanc Advisory - This advisory describes a cross-site scripting vulnerability in the Orthanc Osimis Web Viewer.

 

For more details about these advisories, including links to researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-published-1-23-24 - subscription required.