Thursday, May 30, 2024

Review – 6 Advisories and 1 Update Published – 5-30-24

Today, CISA’s NCCIC-ICS published four control system security advisories for products from Westermo, Inosoft, Fuji Electric, and Carrier. They also updated an advisory for products from Mitsubishi Electric. Finally, they published two medical devices security advisories for products from Baxter.

NIST published a brief update on the status of the problems with the National Vulnerability Database (NVD).

Advisories

Westermo Advisory - This advisory describes two vulnerabilities in the Westermo EDW-100 Serial to Ethernet converter.

Inosoft Advisory - This advisory describes an incorrect default permissions vulnerability, with a known exploit, in the Inosoft VisiWin HMI.

Fuji Advisory - This advisory describes two vulnerabilities in the Fuji Monitouch V-SFT screen configuration software.

Carrier Advisory - This advisory describes three vulnerabilities in the Carrier LenelS2 NetBox access control and event monitoring system.

Baxter Advisory #1 - This advisory describes a use of default cryptographic key vulnerability in the Baxter Welch Allyn Connex Spot Monitor.

Baxter Advisory #2 - This advisory describes an insufficiently protected credentials vulnerability in the Baxter Welch Allyn Configuration Tool.

Updates

Mitsubishi Update - This advisory provides additional information on the MELSEC iQ-R advisory that was originally published on December 22nd, 2022 and most recently updated on December 12th, 2023.

NVD Update

NVD Database Problem Update - Yesterday, NIST updated the status of the NVD maintenance issues.


For more information on these advisories, including links to exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-and-1-update-published-fa6 - subscription required.

