Today CISA’s NCCIC-ICS published control system security advisories for products from Dover Fueling, Cognex, Hitachi Energy (2), Schneider Electric, and Westermo (2). They also published an update for products from Mitsubishi and End-of-Train.
Advisories
Dover Advisory - This advisory describes three vulnerabilities in the Dover ProGauge MagLink LX4 products.
Cognex Advisory - This advisory describes nine vulnerabilities in the Cognex In-Sight Explorer and In-Sight Camera products.
Hitachi Energy Advisory #1 - This advisory discusses a deserialization of untrusted data vulnerability (with publicly available exploit) in the Hitachi Energy Service Suite.
NOTE: I briefly discussed this vulnerability on August 30th, 2025.
Hitachi Energy Advisory #2 - This advisory discusses six vulnerabilities (two with publicly available exploits) in the Hitachi Energy Asset Suite product.
NOTE: I briefly discussed this vulnerability on August 30th, 2025.
Schneider Advisory - This advisory describes two OS command injection vulnerabilities in the Schneider Saitel DR & Saitel DP remote terminal units.
Westermo Advisory #1 - This advisory describes an improper validation of syntactic correctness of input vulnerability in the Westermo WeOS 5 products.
NOTE: I briefly discussed this vulnerability on March 29th, 2025.
Westermo Advisory #2 - This advisory describes an OS command injection vulnerability in the Westermo WeOS 5 product.
NOTE: I briefly discussed this vulnerability on July 6th, 2025.
Updates
Mitsubishi Update - This update provides additional information on the FA Engineering Software advisory that was originally published on January 30th, 2024, and most recently updated on February 13th, 2025.
End-of-Train Update - This update provides additional information on the Remote Linking Protocol advisory that was originally published on July 10th, 2025, and most recently updated on September 4th, 2025.