Review – 6 Advisories and 1 Update Published – 4-24-25

Today CISA’s NCCIC-ICS published six control system security advisories for products from Planet Technology, Johnson Controls, Nice, Vestel, ALBEDO Telecom, and Schneider Electric. They also updated an advisory for products from Fuji Electric.

Advisories

Planet Advisory - This advisory describes five vulnerabilities in multiple Planet network products.

Johnson Controls Advisory - This advisory describes a stack-based buffer overflow vulnerability in the Johnson Controls ICU tool.

Nice Advisory - This advisory describes an OS command injection vulnerability (with publicly available exploit) in the Nice Linear eMerge e3-Series access control platform.

Vestel Advisory - This advisory describes an exposure of sensitive information to an unauthorized control sphere vulnerability in the Vestel AC Charger EVC04.

ALBEDO Advisory - This advisory describes an insufficient session expiration vulnerability in the ALBEDO Net.Time - PTP/NTP clock.

Schneider Advisory - This advisory describes 22 vulnerabilities (16 with publicly available exploits) in the Schneider Modicon Controllers.

Update

Fuji Update - This update provides additional information on the Monitouch V-SFT advisory that was originally published on December 3^rd, 2024.

 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-and-1-update-published-ad4 - subscription required.