CISA releases 7 Industrial Control Systems Advisories

Cybersecurity and Infrastructure Security Agency sent this bulletin at 05/31/2022 12:34 PM EDT

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

You are subscribed to no topic for Cybersecurity and Infrastructure Security Agency. This information has recently been updated, and is now available.

5/31/2022 12:34 PM EDT

ICS-CERT released the following 7 advisories today, May 31, 2022. Click on the links below for more detailed information on these Industrial Control Systems vulnerabilities.

BD Pyxis

This advisory contains mitigations for a Not Using Password Aging vulnerability in the BD Pyxis automated medication dispensing system.

BD Synapsys

This advisory contains mitigations for an Insufficient Session Expiration vulnerability in the BD Synapsys microbiology informatics software platform.

Fuji Electric Alpha7 PC Loader

This advisory contains mitigations for a Stack-based Buffer Overflow vulnerability in the Fuji Electric Alpha7 PC Loader servo drive system.

Mitsubishi Electric MELSEC iQ-F Series (Update A)

This updated advisory is a follow-up to the original advisory titled ICSA-22-139-01 Mitsubishi Electric MELSEC iQ-F Series that was published May 19, 2022, on the ICS webpage at cisa.gov/ics. This advisory contains mitigations for Improper Input Validation vulnerabilities in Mitsubishi Electric MELSEC iQ-F Series CPU modules.

Mitsubishi Electric FA products (Update A)

This updated advisory is a follow-up to the original advisory titled ICSA-22-090-04 Mitsubishi Electric FA Products that was published March 31, 2022, on the ICS webpage at cisa.gov/ics. This advisory contains mitigations for a Use of Password Hash Instead of Password for Authentication, Use of Weak Hash, Cleartext Storage of Sensitive Information, and Authentication Bypass by Capture-replay vulnerabilities in Mitsubishi Electric FA CPU module products.

Mitsubishi Electric Multiple Products (Update D)

This updated advisory is a follow-up to the advisory update titled ICSA-20-245-01 Mitsubishi Electric Multiple Products (Update C) that was published September 9, 2021, to the ICS webpage at cisa.gov/ics. This advisory contains mitigations for a Predictable Exact Value from Previous Values vulnerability in several Mitsubishi Electric devices.

Mitsubishi Electric Factory Automation Engineering Software (Update B)

This updated advisory is a follow-up to the advisory update titled ICSA-20-212-02 Mitsubishi Electric Factory Automation Engineering Software (Update A) that was published January 5, 2021, to the ICS webpage at cisa.gov/ics. This advisory contains mitigations for a Permission Issues vulnerability in Mitsubishi Electric Factory Automation Engineering software products.

Having trouble viewing this message? View it as a webpage.

You are subscribed to updates from the Cybersecurity and Infrastructure Security Agency (CISA)
Manage Subscriptions | Privacy Policy | Help

Connect with CISA:
Facebook | Twitter | Instagram | LinkedIn | YouTube