Today, CISA’s NCCIC-ICS published five control system security advisories for products from Johnson Controls (3), Mitsubishi Electric, and Delta Electronics. They also updated advisories for products from Mitsubishi and PTC.
Advisories
Johnson Controls Advisory #1 - This advisory describes an incorrect default permissions vulnerability in the Johnson Controls Software House C●CURE 9000 Site Server.
Johnson Controls Advisory #2 - This advisory describes a use of weak credentials vulnerability in the Johnson Controls Software House C●CURE 9000 Site Server.
Johnson Controls Advisory #3 - This advisory discusses a dependency on a vulnerable 3rd party component (jQuery) in the Johnson Controls Illustra Pro Gen 4 Camera.
Mitsubishi Advisory - This advisory describes an incorrect default permissions vulnerability in the Mitsubishi MELIPC Series MI5122-VW industrial PC.
Delta Advisory - This advisory describes four vulnerabilities in the Delta CNCSoft-G2.
Updates
Mitsubishi Update - This update provides additional information for the FA Engineering Software advisory that was originally published on September 26th, 2023.
PTC Update - This update provides additional information for the PTC Creo Elements advisory that was originally published on June 25th, 2024.
For more information on these advisories, including a down-the-rabbit-hole look at how CWE-1395 can hide the real extent of the 3rd party vulnerabilities in a system, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/5-advisories-and-2-updates-published-a8a - subscription required.