Thursday, January 23, 2025

Review – 6 Advisories Published – 1-23-25

Today CISA’s NCCIC-ICS published six control system security advisories for products from HMS, Schneider (3), Hitachi Energy, and mySCADA.

Advisories

HMS Advisory - This advisory describes a cleartext transmission of sensitive information vulnerability in the HMS EWON Flexy 202 IIoT data gateway.

Schneider Advisory #1 - This advisory describes an improper restriction of operations within the bounds of a memory buffer vulnerability in the Schneider EcoStruxure Power Build Rapsody.

Schneider Advisory #2 - This advisory describes an improper privilege-management vulnerability in the Schneider Easergy Studio products.

Schneider Advisory #3 - This advisory describes a cleartext storage of sensitive information vulnerability in the Schneider EVlink Home Smart and Schneider Charge charging stations.

Hitachi Energy Advisory - This advisory describes an improperly implemented security check for standard vulnerability in the Hitachi Energy RTU500 series products.

mySCADA Advisory - This advisory describes two OS command injection vulnerabilities in the mySCADA myPRO products.

For more information on these vulnerabilities (four of which have been previously reported here), including a down-the-rabbit-hole look at the coordination process, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-published-1-23-25 - subscription required.
