Today, CISA’s NCCIC-ICS published five control system security advisories for products from Hitachi Energy (3), B&R, and NAVTOR. They also updated two advisories for products from Schnieder Electric and Mitsubishi Electric.
Advisories
Hitachi Energy Advisory #1 - This advisory describes a heap-based buffer overflow vulnerability in their MACH HiDraw product.
NOTE: I briefly discussed this vulnerability on May 31st, 2026.
Hitachi Energy Advisory #2 - This advisory discusses seven vulnerabilities (one with publicly available exploit) in the Hitachi Energy RTU500 product.
NOTE: I briefly discussed these vulnerabilities on June 1st, 2026.
Hitachi Energy Advisory #3 - This advisory discusses two vulnerabilities in the Hitachi Energy ITT600 Explorer product.
NOTE: I briefly discussed this vulnerability on May 31st, 2026.
B&R Advisory - This advisory describes an allocation of resources without limit or throttling vulnerability in the B&R PPT30 Operating System.
NAVTOR Advisory - This advisory describes a use of hard-coded credentials vulnerability in the NAVTOR NavBox product.
Updates
Schneider Update - This update provides additional information on the Modicon M340 Controller advisory that was originally published on August 26th, 2025.
NOTE: I briefly mentioned on April 19th, 2026, the Schneider update upon which this update is based.
Mitsubishi Update - This update provides additional information on the Iconics Digital Solutions advisory that was originally published on July 2nd, 2024, and most recently updated on April 7th, 2026.
For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/5-advisories-and-2-updates-published-b03 - subscription required.
Posts
No comments:
Post a Comment