Today, CISA’s NCCIC-ICS published four control system security advisories for products from Avtec Connect, MOBOTIX, and Rockwell Automation (2). They also updated an advisory for products from Mitsubishi.
Advisories
Avtec Advisory - This
advisory
describes two vulnerabilities in the Avtec Outpost 810 and Outpost Uploader Utility.
MOBOTIX Advisory -
This advisory
describes an improper neutralization of expression/command delimiters vulnerability
in MOBOTIC P3 and MX6 IP cameras.
Rockwell Advisory #1 -
This advisory
describes an improper input validation vulnerability in the Rockwell 5015 AENFTXT,
a part of the FLEXHA 5000 I/O Modules.
Rockwell Advisory #2 - This advisory describes an externally controlled reference to a resource in another sphere vulnerability in the Rockwell Emulate3D Digital Twin technology.
Updates
Mitsubishi Update
- This update
provides additional information on the MELSEC iQ-R Series advisory that was
originally published November 19th, 2020 and most recently updated
on December 16th, 2021.
For more information on these advisories, and a brief
discussion about CISA’s recent change in the link CISA uses to provide
additional information on CVE’s, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-and-1-update-published-23b
- subscription required.
Posts
No comments:
Post a Comment