Today CISA’s NCCIC-ICS published six control system security advisories for products from Schneider Electric (2), Rockwell Automation (3), and B&R. They also updated a medical device advisory for products from BD.
Three additional Rockwell advisories were published today. If they are not covered in CISA advisories on Thursday, I will discuss them this weekend in my Public ICS Disclosures post.
Advisories
Schneider Advisory #1
- This advisory
describes a deserialization of untrusted data vulnerability in the Schneider Electric
RemoteConnect and SCADAPack x70 Utilities.
Schneider Advisory #2
- This advisory
describes two vulnerabilities in the Schneider PowerLogic HDPM6000 High-Density
Metering System.
Rockwell Advisory #1 -
This advisory
describes two vulnerabilities in the Rockwell DataMosaix Private Cloud.
Rockwell Advisory #2 -
This advisory
describes two vulnerabilities in the Rockwell FactoryTalk product.
Rockwell Advisory #3 -
This advisory
describes two vulnerabilities in the Rockwell FactoryTalk View ME product.
B&R Advisory - This advisory describes the use of a broken or risky cryptographic algorithm vulnerability in the B&R Automation Runtime and mapp View products.
Updates
BD Update - This update
provides additional information on the BD Diagnostic Solutions Products
advisory that was originally published on December 17th, 2024.
For more information about these advisories, see my article
at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-and-1-update-published-286
- subscription required.
No comments:
Post a Comment