CISA releases Industrial Control Systems Advisories
CISA releases Industrial Control Systems Advisories
4/21/2022 12:06 PM EDT
ICS-CERT released the following 3 advisories today, April 21, 2022. Click on the links below for more detailed information on these Industrial Control Systems vulnerabilities.
This advisory contains mitigations for Out-of-bounds Write, and Out-of-bounds Read vulnerabilities in Delta Electronics ASDA-Soft servo software.
Johnson Controls Metasys SCT Pro
This advisory contains mitigations for a Server-side Request Forgery vulnerability in Johnson Controls Metasys SCT Pro building automation software.
Hitachi Energy MicroSCADA ProX SYS600
This advisory contains mitigations for Observable Discrepancy, HTTP Request Smuggling, Classic Buffer Overflow, Improper Certificate Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer, and Exposure of Sensitive Information to an Unauthorized Actor vulnerabilities in the Hitachi Energy MicroSCADA Pro/X SYS600 SCADA product.
4/19/2022 1:36 PM EDT
ICS-CERT released the following 6 advisories today, April 19, 2022. Click on the links below for more detailed information on these Industrial Control Systems vulnerabilities.
This advisory contains mitigations for Improper Restriction of Excessive Authentication Attempts, and Inadequate Encryption Strength vulnerabilities in Interlogix Hills ComNav remote access integration modules.
This advisory contains mitigations for an Open Redirect vulnerability in Automated Logic WebCTRL building automation software.
FANUC Roboguide Simulation Platform
This advisory contains mitigations for Incorrect Permission Assignment for Critical Resource, Improper Access Control, Path Traversal, Improper Restriction of XML External Entity Reference, and Uncontrolled Resource Consumption vulnerabilities in FANUC ROBOGUIDE simulation software for FANUC robots.
This advisory contains mitigations for Path Traversal, Unrestricted Upload of File with Dangerous Type, Improper Authorization, and Cross-site Scripting vulnerabilities in Elcomplus SmartPPT SCADA voice and data dispatch software.
Elcomplus SmartPPT SCADA Server
This advisory contains mitigations for Cross-site Scripting, Unauthorized Exposure to Sensitive Information, Unrestricted Upload of File with Dangerous Type, Path Traversal, and Cross-site Request Forgery vulnerabilities in the Elcomplus SmartPPT SCADA Server voice and data dispatch software.
This updated advisory is a follow-up to the advisory update titled ICSA-21-119-04 Multiple RTOS (Update D) that was published November 30, 2021, to the ICS webpage on www.cisa.gov/uscert. CISA is aware of a public report known as “BadAlloc” that details vulnerabilities found in multiple real-time operating systems (RTOS) and supporting libraries. This advisory contains mitigations for Integer Overflow or Wraparound vulnerabilities associated with this "BadAlloc" report.