Today CISA’s NCCIC-ICS published eight control system security advisories for products from Everon, ePower, Mobiliti, Labkotec, Portwell, Hitachi Energy (2), and Mitsubishi Electric. They also updated an advisory for products from Hitachi Energy.
Advisories
Everon Advisory - This advisory describes four vulnerabilities in the Everon OCPP Backends.
ePower Advisory - This advisory describes four vulnerabilities in the ePower epower.ie.
Mobiliti Advisory - This advisory describes four vulnerabilities in the Mobiliti e-mobi.hu.
NOTE: For these first three advisories, see my “DTRH EV Charging Vulnerabilities” section in last week’s CISA advisory blog post.
Labkotec Advisory - This advisory describes a missing authentication for critical function vulnerability in the Labkotec LID-3300IP wind turbine ice detector.
Portwell Advisory - This advisory describes an improper restriction of operations within the bounds of a memory buffer vulnerability in the Portwell Engineering Toolkits.
Hitachi Energy Advisory #1 - This advisory describes four vulnerabilities (one with a publicly available exploit) in their RTU500 series CMU Firmware.
NOTE: I briefly discussed these vulnerabilities on February 28th, 2026.
Hitachi Energy Advisory #2 - This advisory describes two privilege defined with unsafe actions vulnerabilities in their Relion REB500 product.
NOTE: I briefly discussed these vulnerabilities on February 28th, 2026.
Mitsubishi Advisory - This advisory describes three vulnerabilities in the Mitsubishi MELSEC iQ-F Series EtherNet/IP module and Ethernet module.
Updates
Hitachi Energy Update - This update provides additional information on the RTU500 Series advisory that was originally published on January 23rd, 2025, and most recently updated on September 23rd, 2025 (based on actual CISA release dates, not the Hitachi dates republished in the Revision History).
NOTE: On Sunday I briefly discussed the Hitachi Energy update upon which this update is based.