Today, CISA’s NCCIC-ICS published nine control system security advisories for products from Rockwell Automation, Vonets, AVTECH, and Johnson Controls (6).
Advisories
Rockwell Advisory - This advisory describes an unprotected alternate channel vulnerability in the Rockwell ControlLogix, GuardLogix, and 1756 ControlLogix I/O Modules.
Vonets Advisory - This advisory discusses seven vulnerabilities in the Vonets Industrial WiFi Bridge Relays and WiFi Bridge Repeaters.
AVTECH Advisory - This advisory describes a command injection vulnerability in the AVTECH AVM1203 IP camera.
Johnson Controls Advisory #1 - This advisory describes a use of GET request method with sensitive query strings vulnerability in the Johnson Controls exacqVision Web Service.
Johnson Controls Advisory #2 - This advisory describes an improper certificate validation vulnerability in the Johnson Controls exacqVision Server.
Johnson Controls Advisory #3 - This advisory describes a cleartext transmission of sensitive information vulnerability in the Johnson Controls exacqVision Web Service.
Johnson Controls Advisory #4 - This advisory describes a cross-site request forgery vulnerability in the Johnson Controls exacqVision Web Service.
Johnson Controls Advisory #5 - This advisory describes a permissive cross-domain policy with untrusted domains vulnerability in the Johnson Controls exacqVision Web Service.
Johnson Controls Advisory #6 - This advisory describes an inadequate encryption strength vulnerability in the Johnson Controls exacqVision Client and exacqVision Server.
For more details on these advisories, including links to (and commentary on) researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/9-advisories-published-8-1-24 - subscription required.