Today CISA’s NCCIC-ICS published four control system and one medical device security advisory for products from Delta Electronics, Veeder-Root, ASKI Energy, AutomationDirect, and NIHON KOHDEN. They also published updates for advisories for products from Schneider (2) and Hitachi Energy.
Advisories
Delta Advisory - This advisory describes two stack-based buffer overflow vulnerabilities in the Delta ASDA-Soft servo software.
NOTE: I briefly discussed these vulnerabilities on Sunday.
Veeder-Root Advisory - This advisory describes two vulnerabilities in the Veeder-Root TLS4B Automatic Tank Gauge System.
ASKI Advisory - This advisory describes a missing authentication for critical function vulnerability in the ASKI ALS-mini-S4/S8 IP controllers.
NOTE: ASKI Energy is a subsidiary of ABB.
AutomationDirect Advisory - This advisory describes nine vulnerabilities in the AutomationDirect Productivity PLCs.
NIHON KOHDEN Advisory - This advisory describes a NULL pointer dereference vulnerability in the NIHON KOHDEN Central Monitor CNS-6201.
Updates
Schneider Update #1 - This update provides additional information on the Altivar Products advisory that was originally published on September 16th, 2025.
Schneider Update #2 - This update provides additional information on the EcoStruxure advisory that was originally published on February 6th, 2025, and most recently updated on July 15th, 2025.
Hitachi Energy Update - This update provides additional information on the MACH SCM advisory that was originally published on April 25th, 2024.
NOTE: I briefly discussed this updated information on October 5th, 2025.
For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/5-advisories-and-3-updates-published-3e1 - subscription required.