Thursday, January 30, 2025

Review – 6 Advisories and 2 Updates Published – 1-30-25

Today CISA’s NCCIC-ICS published five control system security advisories for products from Rockwell Automation (2), Schneider Electric, New Rock Technologies, and Hitachi Energy. They also published a medical device security advisory and an update for products from Contec Health, as well as a control system update for products from Mitsubishi.

Advisories

Rockwell Advisory #1 - This advisory describes three vulnerabilities in the Rockwell FactoryTalk AssetCentre.

Rockwell Advisory #2 - This advisory discusses an uncontrolled resource consumption vulnerability in the Rockwell KEPServerEX.

Schneider Advisory - This advisory describes an exposure of sensitive information to an unauthorized actor vulnerability in the Schneider Harmony Industrial PC and Pro-face Industrial PC.

New Rock Advisory - This advisory describes two vulnerabilities in the New Rock Cloud Connected Devices.

Hitachi Energy Advisory - This advisory describes eight vulnerabilities in the Hitachi Energy UNEM product.

Contec Advisory - This advisory describes three vulnerabilities in the Contec CMS8000 Patient Monitor.

NOTE: CISA published a stand-alone fact sheet on the backdoor vulnerability described in this advisory. The FDA published a Safety Communication about the reported vulnerabilities.

Updates

Contec Update - This update provides additional information on the CMS8000 Patient Monitor advisory that was originally published on September 1st, 2022.

Mitsubishi Update - This update provides additional information on the FA Engineering Software Products advisory that was originally published on May 14th, 2024, and most recently updated on October 31st, 2024.

 

For more information on these advisories, including a down-the-rabbit-hole look at the KEPServerEX vulnerability, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-and-2-updates-published-56f - subscription required.
