Today, CISA’s NCCIC-ICS published four control system security advisories for products from Mitsubishi Electric, Johnson Controls, SUBNET, and Rockwell Automation.
Advisories
Mitsubishi Advisory -
This advisory
describes 12 vulnerabilities in the multiple Mitsubishi FA Engineering software
products.
Johnson Controls
Advisory - This advisory
describes an insertion of sensitive information into log file vulnerability in
the Johnson Controls Software House C●CURE 9000 security management system.
SUBNET Advisory -
This advisory
describes a reliance on insufficiently trustworthy components vulnerability in
the SUBNET PowerSYSTEM Center product.
Rockwell Advisory -
This advisory
describes an unquoted search path vulnerability in the Rockwell Factory Talk
Remote Access (FTRA) product.
For more details about these advisories, and a brief
down-the-rabbit-hole look at simple OPSEC problems, see my article at CFSN
Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-published-5-14-24
- subscription required.
Posts
No comments:
Post a Comment