Tuesday, September 10, 2024

Review – 4 Advisories Published – 9-10-24

Today, CISA’s NCCIC-ICS published three control system security advisories for products from Rockwell Automation, iniNet Solutions, and Viessmann Climate Solutions, as well as a medical device security advisory for products from BPL Medical Technologies.

Advisories

Rockwell Advisory - This advisory describes an improper input validation vulnerability in the Rockwell SequenceManager Logix controller.

iniNet Advisory - This advisory describes an unrestricted upload of file with dangerous type vulnerability in the iniNet SpiderControl SCADA Web Server.

Viessmann Advisory - This advisory describes three vulnerabilities in the Viessmann Vitogate 300 boiler communications tool.

BPL Advisory - This advisory describes a cleartext transmission of sensitive information vulnerability (with publicly available exploit) in the BPL Personal Weighing Scale PWS-01BT and associated Be Well Android APP.

For more information on these advisories, including links to researcher reports and exploits, as well as a down-the-rabbit-hole look at the Rockwell vulnerability, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-published-9-10-24 - subscription required.
