Review – 2 Advisories Published – 5-7-24

Today, CISA’s NCCIC-ICS published two control system security advisories for products from SUBNET and PTC.

Advisories

SUBNET Advisory - This advisory describes a reliance on insufficiently trustworthy components vulnerability in the SUBNET Substation Server.

PTC Advisory - This advisory describes a cross-site scripting vulnerability in the PTC Codebeamer application lifecycle management platform.

 

For more information on these advisories, including a down-the-rabbit-hole look at ‘insufficiently trustworthy components’, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/2-advisories-published-5-7-24 - subscription required.