Thursday, August 1, 2024

Review – 9 Advisories Published – 8-1-24

Today, CISA’s NCCIC-ICS published nine control system security advisories for products from Rockwell Automation, Vonets, AVTECH, and Johnson Controls (6).

Advisories

Rockwell Advisory - This advisory describes an unprotected alternate channel vulnerability in the Rockwell ControlLogix, GuardLogix, and 1756 ControlLogix I/O Modules.

Vonets Advisory - This advisory discusses seven vulnerabilities in the Vonets Industrial WiFi Bridge Relays and WiFi Bridge Repeaters.

AVTECH Advisory - This advisory describes a command injection vulnerability in the AVTECH AVM1203 IP camera.

Johnson Controls Advisory #1 - This advisory describes a use of GET request method with sensitive query strings vulnerability in the Johnson Controls exacqVision Web Service.

Johnson Controls Advisory #2 - This advisory describes an improper certificate validation vulnerability in the Johnson Controls exacqVision Server.

Johnson Controls Advisory #3 - This advisory describes a cleartext transmission of sensitive information vulnerability in the Johnson Controls exacqVision Web Service.

Johnson Controls Advisory #4 - This advisory describes a cross-site request forgery vulnerability in the Johnson Controls exacqVision Web Service.

Johnson Controls Advisory #5 - This advisory describes a permissive cross-domain policy with untrusted domains vulnerability in the Johnson Controls exacqVision Web Service.

Johnson Controls Advisory #6 - This advisory describes an inadequate encryption strength vulnerability in the Johnson Controls exacqVision Client and exacqVision Server.

 

For more details on these advisories, including links to (and commentary on) researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/9-advisories-published-8-1-24 - subscription required.
