Today, CISA’s NCCIC-ICS published six control system security advisories for products from Moxa, OMNTEC, Dover Fueling Solutions, Franklin Fueling Solutions, Alisonic, and OPW Fuel Management Solutions. They also updated advisories for products from Interpeak and Uniview.
Advisories
Moxa Advisory - This advisory describes three vulnerabilities in the Moxa MXview One products.
OMNTEC Advisory - This advisory describes a missing authentication for critical function vulnerability in the OMNTEC Proteus Tank Monitoring product.
Dover Advisory - This advisory describes six vulnerabilities in the DFS ProGauge MAGLINK LX Consoles.
Franklin Advisory - This advisory describes an absolute path traversal vulnerability in the Franklin TS-550 EVO automatic tank gauge.
Alisonic Advisory - This advisory describes an SQL injection vulnerability in the Alisonic Sibylla automated tank gauge.
OPW Advisory - This advisory describes a missing authentication for critical function vulnerability in the OPW SiteSentinel product.
NOTE: The vulnerabilities for the five fuel handling equipment advisories were reported to CISA by Pedro Umbelino of BitSight; that report is worth reading.
Updates
Interpeak Update - This update provides additional information on the Interpeak TCP/IP Stack advisory that was originally published on October 1st, 2019 and most recently updated on May 12th, 2020.
Uniview Update - This update provides additional information on the Uniview NVR301-04S2-P4 advisory that was originally published on June 4th, 2024.
For more information on these advisories, including links to a researcher report and a down-the-rabbit-hole look at relay rapid cycling attacks, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-and-2-updates-published - subscription required.