CISA releases 6 Industrial Control Systems Advisories

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

You are subscribed to no topic for Cybersecurity and Infrastructure Security Agency. This information has recently been updated, and is now available.

ICS-CERT released the following 6 advisories today, June 23, 2022. Click on the links below for more detailed information on these Industrial Control Systems vulnerabilities.

This advisory contains mitigations for a path traversal, relative path traversal, NULL pointer reference vulnerability in DCMTK, an OFFIS product of libraries and software that process DICOM image files

This advisory contains mitigations for Cleartext Transmission of Sensitive Information, and Use of Hard-coded Credentials vulnerabilities in the Yokogawa STARDOM network control system.

This advisory contains mitigations for a Violation of Secure Design Principles vulnerability in the Yokogawa Consolidation Alarm Management Software for Human Interface Station (CAMS for HIS).

This advisory contains mitigations for Improper Enforcement of Behavioral Workflow, Lack of Administrator Control over Security, Improper Privilege Management, and Insufficiently Protected Credentials vulnerabilities in the Secheron SEPCOS Control and Protection Relay. 

This advisory contains mitigations for an Out-of-bounds Write vulnerability in the Pyramid Solutions EtherNet/IP Adapter Development Kit.

This advisory contains mitigations for Improper Access Control, Relative Path Traversal, and Cross-site Scripting vulnerabilities in the Elcomplus SmartICS web-based HMI.