Today CISA’s NCCIC-ICS published four control system security advisories for products from Trimble, ABB, and Schneider (2). They also published two medical device security advisories for products from Orthanc and MicroDicom.
Advisories
Trimble Advisory - This advisory describes a deserialization of untrusted data vulnerability in the Trimble Cityworks asset and work management system.
ABB Advisory - This advisory discusses a path traversal vulnerability in their Drive Composer products.
Schneider Advisory #1 - This advisory discusses an uncontrolled search path element vulnerability in their EcoStruxure products using FlexNet Publisher.
Schneider Advisory #2 - This advisory describes a deserialization of untrusted data vulnerability in the Schneider EcoStruxure Power Monitoring Expert.
Orthanc Advisory - This advisory describes a missing authentication for critical function vulnerability in the Orthanc Server.
MicroDicom Advisory - This advisory describes an improper certificate validation vulnerability in the MicroDicom DICOM Viewer.
For more information on these advisories, including links to 3rd party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-published-2-6-25 - subscription required.