Today CISA’s NCCIC-ICS published six control system security advisories for products from Elseta, Rapid Response Monitoring, Siemens, Carrier, and ABB (2), as well as a medical device security advisory for products from Medixant. They also updated a control system advisory for products from Mitsubishi.
Advisories
Elseta Advisory - This advisory describes an OS command injection vulnerability in the Elseta Vinci Protocol Analyzer.
Rapid Response Advisory - This advisory describes an authorization bypass through user-controlled key vulnerability in the Rapid Response Monitoring My Security Account App.
Siemens Advisory - This advisory discusses a path traversal vulnerability in the Siemens SiPass integrated product.
Carrier Advisory - This advisory describes an uncontrolled search path element vulnerability in the Carrier Block Load HVAC load calculation program.
ABB Advisory #1 - This advisory describes three vulnerabilities with publicly available exploit code in the ABB FLXeon Controllers.
Medixant Advisory - This advisory describes an improper certificate validation vulnerability.
Updates
Mitsubishi Update - This update provides additional information on the CNC Series advisory that was originally published on October 17th, 2024.
For more information on these advisories, including links to exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/7-advisories-and-an-update-published - subscription required.