Today CISA’s NCCIC-ICS published six control-system security advisories for products from Rockwell Automation, Horner Automation, National Instruments, Schneider Electric (2), and MOBATIME. They also updated an advisory for products from Ruijie.
Advisories
Rockwell Advisory -
This advisory
describes four vulnerabilities in the Rockwell Arena product.
Horner Advisory -
This advisory
describes two out-of-bounds read vulnerabilities in the Horner Cscape product.
National Instruments
Advisory - This advisory
describes three out-of-bounds read vulnerabilities in the National Instruments Lab
View product.
Schneider Advisory #1
- This advisory
describes a path traversal vulnerability in the Schneider FoxRTU Station.
Schneider Advisory #2
- This advisory
describes three vulnerabilities in the Schneider EcoStruxure Foxboro DCS Core
Control Services.
MOBATIME Advisory - This advisory describes a use of default credentials vulnerability in the MOBATIME Network Master Clock - DTS 4801.
Updates
Ruijie Update - This
update
provides additional information on the Reyee OS advisory that was originally
published on December 3rd, 2024.
For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-and-1-update-published-88e - subscription required.
Posts
No comments:
Post a Comment