Today CISA’s NCCIC-ICS published six control system security advisories for products from HMS, Schneider (3), Hitachi Energy, and mySCADA.
Advisories
HMS Advisory - This
advisory
describes a cleartext transmission of sensitive information vulnerability in
the HMS EWON Flexy 202 IIoT data gateway.
Schneider Advisory #1
- This advisory
describes an improper restriction of operations within the bounds of a memory
buffer vulnerability in the Schneider EcoStruxure Power Build Rapsody.
Schneider Advisory #2
- This advisory
describes an improper privilege-management vulnerability in the Schneider Easergy
Studio products.
Schneider Advisory #3
- This advisory
describes a cleartext storage of sensitive information vulnerability in the
Schneider EVlink Home Smart and Schneider Charge charging stations.
Hitachi Energy
Advisory - This advisory
describes an improperly implemented security check for standard vulnerability
in the Hitachi Energy RTU500 series products.
MySCADA Advisory -
This advisory
describes two OS command injection vulnerabilities in the mySCADA myPRO
products.
For more information on these vulnerabilities (four of which
have been previously reported here), including a down-the-rabbit-hole look at
the coordination process, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-published-1-23-25
- subscription required.
No comments:
Post a Comment