Today CISA’s NCCIC-ICS published nine control system security advisories for products from Mitsubishi, ABB, Delta, National Instruments, Lantronix, Growatt, and Siemens (3).
Advisories
Mitsubishi Advisory -
This advisory
describes two vulnerabilities in the Mitsubishi smartRTU.
ABB Advisory - This
advisory
discusses 42 vulnerabilities in the ABB M2M Gateway.
Delta Advisory - This
advisory
describes a use of cryptographically weak PRNG vulnerability in the Delta COMMGR
software management platform.
National Instruments
Advisory - This advisory
describes two vulnerabilities in the NI LabVIEW product.
Lantronix Advisory -
This advisory
describes a missing authentication for critical function vulnerability in the
Lantronix Xport embedded networking module.
Growatt Advisory -
This advisory
describes 30 vulnerabilities (some with publicly available exploits) in the Growatt
Cloud Applications.
Siemens Advisory #1 -
This advisory
describes an uncontrolled resource consumption vulnerability in the Siemens ICMP
services in Industrial Devices.
Siemens Advisory #2 -
This advisory
describes a weak authentication vulnerability in the Siemens Industrial Edge
Device Kit.
Siemens Advisory #3 -
This advisory
describes an observable discrepancy vulnerability in the Siemens Mendix Runtime
application.
For more information on these advisories, including links to
researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/9-advisories-published-4-15-25
- subscription required.
Posts
No comments:
Post a Comment