CISA releases 7 Industrial Control Systems Advisories

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

ICS-CERT released the following 7 advisories today, September 20, 2022. Click on the links below for more detailed information on these Industrial Control Systems vulnerabilities.

Hitachi Energy PROMOD IV

This advisory contains mitigations for an Improper Access Control vulnerability in PROMOD IV. 

Hitachi Energy AFF660/665 Series

This advisory contains mitigations for a Stack-based Buffer Overflow vulnerability in versions of Hitachi Energy AFF660/665 Firewall software.

Dataprobe iBoot-PDU

This advisory contains mitigations for OS Command Injection, Path Traversal, Exposure of Sensitive Information to an Unauthorized Actor, Improper Access Control, Improper Authorization, Incorrect Authorization, and SSRF vulnerabilities in versions of Dataprobe iBoot-PDU FW products. 

Host Engineering Communications Module

This advisory contains mitigations for a Stack-based Buffer Overflow vulnerability in versions of Host Engineering H0-ECOM100 Communications Module products.

AutomationDirect DirectLOGIC with Ethernet (Update A)

This updated advisory is a follow-up to the original advisory titled ICSA-22.167-03 AutomationDirect DirectLOGIC with Ethernet that was published June 16, 2022, on the ICS webpage on cisa.gov/ICS. This advisory contains mitigations for Uncontrolled Resource Consumption and Cleartext Transmission of Sensitive Information vulnerabilities in versions of AutomationDirect DirectLOGIC with Ethernet Communication Module products. 

AutomationDirect DirectLOGIC with Serial Communication (Update A)

This updated advisory is a follow-up to the original advisory titled ICSA-22.167-02 AutomationDirect DirectLOGIC with Serial Communication that was published June 16, 2022, on the ICS webpage on cisa.gov/ICS. This advisory contains mitigations for a Cleartext Transmission of Sensitive Information vulnerability in versions of AutomationDirect DirectLOGIC with Serial Communication products. 

MiCODUS MV720 GPS tracker (Update A)

This updated advisory is a follow-up to the original advisory titled ICSA-22-200-01 MiCODUS MV720 GPS tracker that was published July 19, 2022, on the ICS webpage on cisa.gov/ICS. This advisory contains mitigations for Use of Hard-coded Credentials, Improper Authentication, Cross-site Scripting, and Authorization Bypass Through User-controlled Key vulnerabilities in versions of the MiCODUS MV720 GPS tracker.