Today, CISA’s NCCIC-ICS published four control system security advisories for products from Honeywell, Siemens and Hitachi Energy (2). They also updated advisories for products from Mitsubishi (2), Rockwell and Chirp Systems.
Advisories
Honeywell Advisory -
This advisory
describes 16 vulnerabilities in multiple Honeywell products.
Siemens Advisory -
This advisory
discusses a command injection vulnerability {that is listed on CISA’s Known
Exploit Vulnerabilities (KEV) Catalog} in the Siemens RUGGEDCOM APE1808
application hosting platform.
Hitachi Energy
Advisory #1 - This advisory
describes two vulnerabilities in the Hitachi Energy MACH SCM product.
Hitachi Energy Advisory #2 - This advisory describes two unrestricted upload of files with dangerous type vulnerabilities in the Hitachi Energy RTU500 Series.
Updates
Mitsubishi Update #1 -
This update
provides additional information on the MELSEC Series CPU Module advisory that
was originally published on May 23rd, 2023 and most recently updated
on March 14th, 2024.
Mitsubishi Update #2 -
This update
provides additional information on the MELSEC iQ-R Series/iQ-F Series advisory
that was originally published on June 6th, 2023.
Rockwell Update -
This update
provides additional information on the 5015-AENFTXT advisory that was
originally published on April 11th, 2024.
Chirp Systems Update -
This update
provides additional information on the Chirp Access advisory that was
originally published on March 7th, 2024 and most recently updated on
April 23rd, 2024.
For more information on the these advisories, including a brief commentary on the Chirp Systems update, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-and-4-updates-published - subscription required.
Posts
No comments:
Post a Comment