Thursday, November 21, 2024

Review – 7 Advisories Published – 11-21-24

Today, CISA’s NCCIC-ICS published seven control system security advisories for products from mySCADA, Schneider (4), CODESYS, and Carrier.

Advisories

mySCADA Advisory - This advisory describes five vulnerabilities in the mySCADA myPRO Manager products.

Schneider Advisory #1 - This advisory describes an uncontrolled resource consumption vulnerability in the Schneider PowerLogic PM5300 series energy meters.

Schneider Advisory #2 - This advisory describes a missing authentication vulnerability in the Schneider EcoStruxure IT Gateway.

Schneider Advisory #3 - This advisory describes an improper input validation vulnerability in the Schneider Modicon M340, MC80, and Momentum Unity M1E products.

CODESYS Advisory - This advisory describes an out-of-bounds read vulnerability in the CODESYS OSCAT Basic Library.

Carrier Advisory - This advisory describes two vulnerabilities in the Carrier (Automated Logic subsidiary) WebCTRL Premium Server.

 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/7-advisories-published-11-21-24 - subscription required.

Posted by at
Labels: , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
 
/* Use this with templates/template-twocol.html */