Review – 1 Advisory and 2 Updates Published – 4-30-24

Today, CISA’s NCCIC-ICS published a control system security advisory for products from Delta Electronics. They also updated two advisories for products from SEW-EURODRIVE and Unitronics.

Advisories

Delta Advisory - This advisory describes a stack-based buffer overflow vulnerability in the Delta CNCSoft-G2 DOPSoft.

Updates

SEW-EURODRIVE Update - This update provides additional information on an advisory that was originally published on January 16^th, 2024.

Unitronics Update - This update provides additional information on an advisory that was originally published on April 18^th, 2024.

 

For more information on these advisories, including summaries for changes made in updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/1-advisory-and-2-updates-published-504 - subscription required. 

Review – 2 Advisories Published – 1-16-24

Today, CISA’s NCCIC-ICS published two control system security advisories for products from Integration Objects and SEW-EURODRIVE.

Advisories

Integration Objects Advisory - This advisory describes an improper output neutralization for logs vulnerability in the Integration Objects OPC UA Server Toolkit.

SEW-EURODRIVE Advisory - This advisory describes an improper restriction of XML external entity reference vulnerability in the SEW-EURODRIVE MOVITOOLS MotionStudio product.

 

For more information on these advisories, including a look at a DTRH look at vendor ‘failure-to-respond’, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/2-advisories-published-1-16-24 - subscription required.