CISA releases 6 Industrial Control Systems Advisories
Cybersecurity and Infrastructure Security Agency sent this bulletin at 03/29/2022 01:52 PM EDT
You are subscribed to no topic for Cybersecurity and Infrastructure Security Agency. This information has recently been updated, and is now available.
This advisory contains mitigations for Missing Authentication for Critical Function vulnerability in the Philips e-Alert MRI system monitoring platform.
This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in Rockwell Automation ISaGRAF software products.
This advisory contains mitigations for Stack-based Buffer Overflow, Improper Restriction of Operations Within the Bounds of a Memory Buffer, Use After Free, and Out-of-bounds Write vulnerabilities in the Omron CX-Position control software.
This advisory contains mitigations for Cross-site Scripting, Use of a Password System for Primary Authentication, Configuration, and Exposure of Sensitive Information to an Unauthorized Actor vulnerabilities in the Hitachi Energy LinkOne WebView graphical parts catalog.
This advisory contains mitigations for a Stack-based Buffer Overflow vulnerability in the Modbus Tools Modbus Slave PLC programming simulation tool.
This updated advisory is a follow-up to the original advisory titled ICSA-22-081-01 Delta Electronics DIAEnergie that was published March 22, 2022, on the ICS webpage at www.cisa.gov/uscert. This advisory contains mitigations for Path Traversal, Incorrect Default Permissions, and SQL Injection vulnerabilities in the Delta Electronics DIAEnergie industrial energy management system.