Today CISA’s NCCIC-ICS published four control system security advisories for products from Mitsubishi Electric, Hitachi Energy, Johnson Controls, and Güralp Systems. They also updated advisories for products from Fuji Electric, Johnson Controls, and Mitsubishi Electric.
Advisories
Mitsubishi Advisory - This advisory
describes a cleartext storage of sensitive information vulnerability in the
Mitsubishi GT Designer3 products.
Hitachi Energy Advisory - This advisory
discusses the BlastRadius-Fail
vulnerability.
NOTE: I briefly
discussed this vulnerability on November 1st, 2025.
Johnson Controls Advisory - This advisory
describes four vulnerabilities in the Johnson Controls PowerG, IQPanel and
IQHub products.
Güralp Advisory - This advisory describes an allocation of resources without limit or throttling vulnerability in the Güralp Fortimus, Minimus, and Certimus product series.
Updates
Fuji Update - This update
provides additional information on the Fuji Monitouch V-SFT-6 advisory that was
originally published on November 4th, 2025.
Johnson Controls Update - This update
provides additional information on the Johnson Controls iSTAR Ultra advisory
that was originally published on August 12th, 2025.
Mitsubishi Update - This update
provides additional information on the Mitsubishi GENESIS advisory that was
originally published on May 20th, 2025, and most recently updated on
August 28th, 2025.
I briefly discussed this update on August 9th, 2025.
For more information on these advisories, including a brief
description of the CISA advisory format change, see my article at CFSN Detailed
Analysis - https://patrickcoyle.substack.com/p/4-advisories-and-3-updates-published
- subscription required.
Posts
No comments:
Post a Comment