Tuesday, September 23, 2025

Review – 4 Advisories and 2 Updates Published – 9-23-25

Today CISA’s NCCIC-ICS published four control system security advisories for products from Carrier (Viessmann), Schneider Electric, Mitsubishi Electric, and AutomationDirect. They also updated two advisories for products from Hitachi Energy.

Advisories

Carrier Advisory - This advisory describes two vulnerabilities in the Viessmann Vitogate 300.

Schneider Advisory - This advisory describes a link following vulnerability in the Schneider software update (SESU) service.

Mitsubishi Advisory - This advisory describes an improper handling of length parameter inconsistency vulnerability in the Mitsubishi MELSEC-Q Series CPU modules.

NOTE: I briefly discussed this vulnerability on Sunday.

AutomationDirect Advisory - This advisory describes seven vulnerabilities in the AutomationDirect Click Plus programming software.

Updates

Hitachi Energy Update #1 - This update provides additional information on the RTU500 Series advisory that was originally published on April 3rd, 2025, and most recently updated on May 8th, 2025.

Hitachi Energy Update #2 - This update provides additional information on the RTU500 Series advisory that was originally published on January 23, 2025.

 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-and-2-updates-published-be3 - subscription required.
