Today CISA’s NCCIC-ICS published six control system security advisories for products from GE Vernova, Delta Electronics (2), Schneider Electric, and Mitsubishi Electric (2). The updated three advisories for products from Hitachi Energy and Mitsubishi Electric.
Advisories
GE Advisory - This
advisory
describes an uncontrolled search path element vulnerability in the GE CIMPLICITY
HMI/SCADA software.
Delta Advisory #1 -
This advisory
describes two vulnerabilities in the Delta COMMGR software management program.
Delta Advisory #2 -
This advisory
describes an out-of-bounds write vulnerability in the Delta CNCSoft-G2 CNC
solution.
Schneider Advisory -
This advisory
describes an improper privilege management vulnerability in the Schneider Saitel
DR RTU and Saitel DP RTU.
NOTE: I briefly
discussed this vulnerability on August 17th, 2025.
Mitsubishi Advisory
#1 - This advisory
describes a cleartext transmission of sensitive information vulnerability in
their MELSEC iQ-F Series CPU modules.
Mitsubishi Advisory #2 - This advisory describes a missing authentication for critical function vulnerability in their MELSEC iQ-F Series CPU modules.
Updates
Hitachi Energy Update
- This update
provides additional information on the Relion 670/650 advisory that was
originally published on July 3rd, 2025.
Mitsubishi Update #1 -
This update
provides additional information on the Iconics Digital Solutions advisory that
was originally published on May 20th, 2025, and most recently
updated on August 7th, 2025.
NOTE: I briefly
discussed the revised Mitsubishi advisory that underlies this update on August
9th.
Mitsubishi Update #2 -
This update
provides additional information on the Multiple FA Engineering Software
Products advisory that was originally published on May 14th, 2024,
and most recently updated on May 15th, 2025.
Posts
No comments:
Post a Comment