Tuesday, June 11, 2024

Review – 5 Advisories and 1 Update Published – 6-11-24

Today, CISA’s NCCIC-ICS published four control system security advisories for products from Intrado, AVEVA (2), and Rockwell Automation. They published a medical device security advisory for products from MicroDicom. They also updated an advisory for products from Schneider.

Advisories

Intrado Advisory - This advisory describes an SQL injection vulnerability in the Intrado 911 Emergency Gateway (EGW).

AVEVA Advisory #1 - This advisory describes a deserialization of untrusted data vulnerability in the AVEVA PI Asset Framework Client.

AVEVA Advisory #2 - This advisory describes a deserialization of untrusted data vulnerability in the AVEVA PI Web API.

Rockwell Advisory - This advisory describes an always-incorrect control flow implementation vulnerability in the Rockwell ControlLogix, GuardLogix, and CompactLogix controllers.

MicroDicom Advisory - This advisory describes two vulnerabilities in the MicroDicom DICOM Viewer medical image viewer.

Updates

Schneider Update - This update provides additional information on the APC Easy UPS advisory that was originally published on April 18th, 2023.

 

For more information on these advisories, including links to researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/5-advisories-and-1-update-published-43c - subscription required
