Tuesday, December 3, 2024

Review – 6 Advisories and 2 Updates Published – 12-3-24

Today CISA’s NCCIC-ICS published six control system security advisories for products from Fuji Electric (2), ICONICS (and Mitsubishi), Open Automation, Siemens, and Ruijie. They also updated advisories for products from ICONICS (and Mitsubishi) and ETIC.

Advisories

Fuji Advisory #1 - This advisory describes five vulnerabilities in the Fuji Electric Tellus Lite V-Simulator.

Fuji Advisory #2 - This advisory describes 10 out-of-bounds write vulnerabilities in the Fuji Electric Monitouch V-SFT screen configuration software.

ICONICS Advisory - This advisory describes three vulnerabilities in the ICONICS GENESIS64 and Mitsubishi MC Works64 products.

Open Automation Advisory - This advisory describes an incorrect execution-assigned privileges vulnerability in the Open Automation Software package.

Siemens Advisory - This advisory discusses four vulnerabilities (two listed in CISA’s Known Exploited Vulnerabilities catalog) in the Siemens RUGGEDCOM APE1808 products.

Ruijie Advisory - This advisory describes ten vulnerabilities in the Ruijie Reyee OS.

Updates

ICONICS Update - This update provides additional information on the ICONICS and Mitsubishi advisory that was originally published on July 2nd, 2024.

ETIC Update - This update provides additional information on the Remote Access Server advisory that was originally published on November 3, 2022, and most recently updated on July 27th, 2023.

 

For more information on these advisories, including links to third-party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-and-2-updates-published-ee4 - subscription required.
