Review – 2 Advisories Published – 2-1-24

Today, CISA’s NCCIC-ICS published two control system security advisories for products from AVEVA and Gessler.

Advisories

AVEVA Advisory - This advisory describes an uncontrolled search path element vulnerability in the AVEVA Edge products (formerly known as InduSoft Web Studio).

Gessler Advisory - This advisory describes two vulnerabilities in the Gessler WEB-MASTER emergency lighting management system.

 

For more details about these advisories, including a look at a missing advisory, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/2-advisories-published-2-1-24 - subscription required.