Today, CISA’s NCCIC-ICS published five control system security advisories for products from Johnson Controls, ABB (3), and Hitachi Energy. They also updated advisories for products from Schneider Electric and Hitachi Energy.
Advisories
Johnson Controls Advisory - This advisory describes an uncontrolled search path element in the Johnson Controls CEM AC2000 access control and security management product.
ABB Advisory #1 - This advisory describes an improper certificate validation vulnerability in the ABB B&R Automation Studio product.
NOTE: I briefly discussed this vulnerability on January 24th, 2026.
ABB Advisory #2 - This advisory describes an allocation of resources without limit or throttling vulnerability in the ABB B&R Automation Runtime product.
NOTE: I briefly discussed this vulnerability on January 24th, 2026.
ABB Advisory #3 - This advisory describes an insertion of sensitive information into a log file vulnerability in the ABB B&R PVI client application.
I briefly discussed this vulnerability on January 31st, 2026.
Hitachi Energy Advisory - This advisory discusses a path traversal vulnerability in the Hitachi Energy PMC600 products.
I briefly discussed this vulnerability on Saturday.
Updates
Schneider Update - This update provides additional information on the EcoStruxure Control Expert advisory that was originally published on August 15th, 2023.
NOTE: I briefly mentioned the Schneider update upon which the CISA update was based.
Hitachi Energy Update - This update provides additional information on the MSM advisory that was originally published on November 14th, 2024.
I briefly discussed these vulnerabilities on Sunday.
For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/5-advisories-and-2-updates-published-d71 - subscription required.