CISA Released 6 ICS Advisories
Turning Point for Efficiency at Dominion Energy South Carolina – SACE | Southern Alliance for Clean Energy
March 31, 2022
Memphis Is Evaluating New Electricity Suppliers – SACE | Southern Alliance for Clean Energy
March 31, 2022
Summary:
CS-CERT released Advisories on six Industrial Control Systems vulnerabilities.
Additional Discussion:
ICS-CERT advisories
Click on the links below for more detailed information on these Industrial Control Systems vulnerabilities.
This advisory contains mitigations for Missing Authentication for Critical Function vulnerability in the Philips e-Alert MRI system monitoring platform.
This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in Rockwell Automation ISaGRAF software products.
This advisory contains mitigations for Stack-based Buffer Overflow, Improper Restriction of Operations Within the Bounds of a Memory Buffer, Use After Free, and Out-of-bounds Write vulnerabilities in the Omron CX-Position control software.
Hitachi Energy LinkOne WebView
This advisory contains mitigations for Cross-site Scripting, Use of a Password System for Primary Authentication, Configuration, and Exposure of Sensitive Information to an Unauthorized Actor vulnerabilities in the Hitachi Energy LinkOne WebView graphical parts catalog.
This advisory contains mitigations for a Stack-based Buffer Overflow vulnerability in the Modbus Tools Modbus Slave PLC programming simulation tool.
Delta Electronics DIAEnergie (Update A)
This updated advisory is a follow-up to the original advisory titled ICSA-22-081-01 Delta Electronics DIAEnergie that was published March 22, 2022. This advisory contains mitigations for Path Traversal, Incorrect Default Permissions, and SQL Injection vulnerabilities in the Delta Electronics DIAEnergie industrial energy management system.
