Today CISA’s NCCIC-ICS published five control system security advisories for products from Rockwell Automation (2), Schneider Electric, New Rock Technologies, and Hitachi Energy. They also published a medical device security advisory and an update for products from Contec Health, as well as a control system update for products from Mitsubishi.
Advisories
Rockwell Advisory #1 - This advisory describes three vulnerabilities in the Rockwell FactoryTalk AssetCentre.
Rockwell Advisory #2 - This advisory discusses an uncontrolled resource consumption vulnerability in the Rockwell KEPServerEX.
Schneider Advisory - This advisory describes an exposure of sensitive information to an unauthorized actor vulnerability in the Schneider Harmony Industrial PC and Pro-face Industrial PC.
New Rock Advisory - This advisory describes two vulnerabilities in the New Rock Cloud Connected Devices.
Hitachi Energy Advisory - This advisory describes eight vulnerabilities in the Hitachi Energy UNEM product.
Contec Advisory - This advisory describes three vulnerabilities in the Contec CMS8000 Patient Monitor.
NOTE: CISA published a stand-alone fact sheet on the backdoor vulnerability described in this advisory. The FDA published a Safety Communication about the reported vulnerabilities.
Updates
Contec Update - This update provides additional information on the CMS8000 Patient Monitor advisory that was originally published on September 1st, 2022.
Mitsubishi Update - This update provides additional information on the FA Engineering Software Products advisory that was originally published on May 14th, 2024, and most recently updated on October 31st, 2024.
For more information on these advisories, including a down-the-rabbit-hole look at the KEPServerEX vulnerability, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-and-2-updates-published-56f - subscription required.