Review – 4 Advisories Published – 4-16-24

CISA’s NCCIC-ICS published four control system security advisories for products from RoboDK, Rockwell Automation, Electrolink, and Measuresoft.

Advisories

RoboDK Advisory - This advisory describes a heap-based buffer overflow vulnerability in the RoboDK RoboDK robotics development software.

Rockwell Advisory - This advisory describes an improper input validation vulnerability in the Rockwell ControlLogix and GuardLogix programmable logic controllers.

NOTE: The vendor link CISA provides in the advisory goes through an out-of-date Rockwell web portal to a 2023 advisory not associated with this vulnerability. The correct link is https://www.rockwellautomation.com/en-us/support/advisory.SD1666.html

Electrolink Advisory - This advisory describes seven vulnerabilities in the Electrolink transmitters.

Measuresoft Advisory - This advisory describes an improper access control vulnerability in the Measuresoft ScadaPro system.

 

For more information on these advisories, including links to researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-published-4-16-24 - subscription required.