Tuesday, January 27, 2026

Review – 4 Advisories Published – 1-27-25

Today CISA’s NCCIC-ICS published four control system security advisories for products from Johnson Controls, Schneider Electric, Festo, and iba Systems.

Advisories

Johnson Controls Advisory - This advisory describes a command injection vulnerability in multiple Johnson Controls products.

Schneider Advisory - This advisory discusses five vulnerabilities in Schneider Zigbee products.

NOTE: I briefly described these vulnerabilities on January 17th,2026.

Festo Advisory - This advisory discusses 140 vulnerabilities in the Festo Didactic SE MES PC. These are third-party vulnerabilities.

I briefly discussed these vulnerabilities on February 26th, 2024.

Iba Advisory - This advisory describes an incorrect permissions assignment for critical resource vulnerability in the iba ibaPDA.

 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-published-1-27-25 - subscription required.
Posted by at
Labels: , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
 
/* Use this with templates/template-twocol.html */