Review – 6 Advisories Published – 1-23-24

Today, CISA’s NCCIC-ICS published five control system security advisories for products from Lantronix, Westermo, Voltronic Power, Crestron, and APsystems, and one medical device security advisory for products from Orthanc.

Advisories

Lantronix Advisory - This advisory describes a weak encoding for passwords vulnerability in the Lantronix XPort Device Server Configuration Manager.

Westermo Advisory - This advisory describes eight vulnerabilities in the Westermo Lynx 206-F2G layer-three industrial Ethernet switch.

Voltronic Advisory - This advisory describes four vulnerabilities in the Voltronic ViewPower Pro Uninterruptable Power Supply (UPS) management software.

APsystems Advisory - This advisory describes an improper access control vulnerability in the APsystems Energy Communication Unit (ECU-C) Power Control Software.

Orthanc Advisory - This advisory describes a cross-site scripting vulnerability in the Orthanc Osimis Web Viewer.

 

For more details about these advisories, including links to researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-published-1-23-24 - subscription required.

Review – 1 Advisory Published – 8-1-23

Today, CISA’s NCCIC-ICS published a control system security advisory for products from APSystems.

Advisories

APSystems Advisory - This advisory describes an OS command injection vulnerability in the APSystems Power Control Software used in commercial and residential solar systems.

 

For more details about this advisory, including a discussion about the researcher disclosure process, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/1-advisory-published-8-1-23 - subscription required.