Today CISA’s NCCIC-ICS published seven control system security advisories for products from LG Innotek, National Instruments, OpenPLC, Festo (3) and MegaSys Enterprises. They also published updates for advisories for products from Rockwell Automation, HEIDENHAIN, and Keysight.
Advisories
LG Advisory - This advisory describes an authentication bypass by alternate path or channel vulnerability in the LG Innotek LND7210 and LNV7210R cameras.
National Instruments Advisory - This advisory describes two vulnerabilities in the NI Circuit Design Suite.
OpenPLC Advisory - This advisory describes a reliance on undefined, unspecified, or implementation-defined behavior vulnerability in the OpenPLC_V3 product.
Festo Advisory #1 - This advisory discusses 29 vulnerabilities in the Festo Controller CECC-S,-LK,-D Family Firmware.
Festo Advisory #2 - This advisory describes an improper privilege management vulnerability in the Festo CPX-CEC-C1 and CPX-CMXX hardware control blocks.
Festo Advisory #3 - This advisory discusses four vulnerabilities in the Festo SBRD-Q/SBOC-Q/SBOI-Q series products.
NOTE: I briefly discussed these vulnerabilities on October 2nd, 2021.
MegaSys Advisory - This advisory describes an OS command injection vulnerability in the MegaSys Telenium Online Web Application.
Updates
Rockwell Update - This update provides additional information on the FLEX 5000 I/O advisory that was originally published on August 14th, 2025.
NOTE: I described the problem with the incorrect CVE numbers on August 14th, 2025.
HEIDENHAIN Update - This update provides additional information on the Controller TNC advisory that was originally published on October 25th, 2022.
Keysight Update - This update provides additional information on the Ixia Vision advisory that was originally published on March 4th, 2025.
For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/7-advisories-and-3-updates-published-e07 - subscription required.