Review – 7 Advisories Published – 6-27-24

Today, CISA’s NCCIC-ICS published seven control system security advisories for products from Johnson Control (4), Yokogawa, SDG Technologies and TELSAT.

Advisories

Johnson Controls Advisory #1 - This advisory describes a storing password in recoverable format vulnerability in the Johnson Control Illustra Essentials Gen 4 IP cameras.

Johnson Controls Advisory #2 - This advisory describes an insertion of sensitive information into a log file vulnerability in the Johnson Control Illustra Essentials Gen 4 IP cameras.

Johnson Controls Advisory #3 - This advisory describes a storing password in recoverable format vulnerability in the Johnson Control Illustra Essentials Gen 4 IP cameras.

Johnson Controls Advisory #4 - This advisory describes an improper input validation vulnerability in the Johnson Control Illustra Essentials Gen 4 IP cameras.

Yokogawa Advisory - This advisory describes two vulnerabilities in the Yokogawa FAST/TOOLS and CI Server products. The vulnerabilities are self-reported.

SDG Advisory - This advisory describes a missing authorization vulnerability in the SDG PnPSCADA web-based SCADA HMI.

TELSAT Advisory - This advisory describes four vulnerabilities (three with known exploits) in the TELSAT marKoni FM Transmitters.

 

For more information on these advisories, including links to researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/7-advisories-published-6-27-24 - subscription required.