Review – 3 Advisories and 4 Updates Published

Today, CISA’s NCCIC-ICS published three control system security advisories for products from ICONICS, mySCADA, and Johnson Controls. They also updated advisories for products from Johnson Controls.

Advisories

ICONICS Advisory - This advisory discusses five vulnerabilities (one with known exploit) in the ICONICS product suite.

mySCADA Advisory - This advisory describes a use of hard-coded credentials vulnerability in the mySCADA myPRO product.

Johnson Controls Advisory - This advisory describes an exposure of sensitive information to an unauthorized actor vulnerability in the Johnson Controls Kantech KT series door controllers.

Updates

Johnson Controls Update #1 - This update provides additional information on the Johnson Controls Illustra Essentials Gen 4 advisory that was originally published on June 27^th, 2024.

Johnson Controls Update #2 - This update provides additional information on the Johnson Controls Illustra Essentials Gen 4 advisory that was originally published on June 27^th, 2024.

Johnson Controls update #3 - This update provides additional information on the Johnson Controls Illustra Essentials Gen 4 advisory that was originally published on June 27^th, 2024.

Johnson Controls Update #4 - This update provides additional information on the Johnson Controls Illustra Essentials Gen 4 advisory that was originally published on June 27^th, 2024.

 

For more information on these advisories, including links to 3^rd party advisories, exploits, and a brief look at the timing of the Johnson Controls updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/3-advisories-and-4-updates-published-026 - subscription required.