Today, CISA’s NCCIC-ICS published seven control system security advisories for products from Rockwell Automation (3), Hitron, Mitsubishi Electric (2) and Emerson. They also updated an advisory for products from Mitsubishi.
Advisories
Rockwell Advisory #1 -
This advisory
discusses 15 vulnerabilities in multiple Rockwell Operator Panels.
Rockwell Advisory #2 -
This advisory
describes an improper verification of cryptographic signatures in the Rockwell FactoryTalk
Service Platform.
Rockwell Advisory #3 -
This advisory
describes an improper restriction of operations within the bounds of a memory
buffer in the Rockwell ControlLogix and GuardLogix products.
Hitron Advisory -
This advisory
describes six improper input validation vulnerabilities in the Hitron HGR and LGUVR series DVRs.
Mitsubishi Advisory
#1 - This advisory
describes an authentication bypass by capture-replay vulnerability in the Mitsubishi
MELSEC WS Series Ethernet Interface Modules.
Mitsubishi Advisory
#2 - This advisory
describes two vulnerabilities in the Mitsubishi FA Engineering Software
Products.
Emerson Advisory - This advisory describes four vulnerabilities in the Emerson Rosemount GC370XA, GC700XA, and GC1500XA gas chromatographs.
Updates
Mitsubishi Update -
This update
provides additional information on an advisory that was originally published on
July 27th, 2023 and most recently updated on December 5th,
2023.
For more information on these advisories, including links to 3rd party vulnerabilities and researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/7-advisories-and-1-update-published-c5e - subscription required.
Posts
