Review – 5 Advisories and 3 Updates Published – 11-22-22

Today, CISA’s NCCIC-ICS published five control system security advisories for products from Moxa, GE, Phoenix Contact, Digital Alert Systems, and AVEVA. They updated two control system advisories for products from Moxa and one medical device security advisory for products from Hillrom.

Security Advisories

Moxa Advisory – This advisory describes an execution with unnecessary privilege vulnerability in the Moxa ARM-Based Computers.

GE Advisory – This advisory describes five vulnerabilities in the GE CIMPLICITY HMI/SCADA software.

Phoenix Contact Advisory – This advisory describes two vulnerabilities in the Phoenix Contact Automation Worx Software Suite.

NOTE: I briefly discussed these vulnerabilities on November 13th, 2022.

Digital Alert Advisory – This advisory describes two cross-site scripting vulnerabilities (one with a known exploit) in the Digital Alert Systems DASDEC emergency messaging devices.

AVEVA Advisory – This advisory describes four vulnerabilities in AVEVA Edge (InduSoft Web Studio).

Security Updates

Mitsubishi Update #1 – This update provides additional information on an advisory that was originally published on July 30th, 2020 and most recently updated on August 2nd, 2022.

I briefly discussed the Mitsubishi update last weekend.

Mitsubishi Update #2 – This update provides additional information on an advisory that was originally published on February 18th, 2021 and most recently updated on August 2nd, 2022.

I briefly discussed the Mitsubishi update last weekend.

Hillrom Update – This update provides additional information on an advisory that was originally published on June 1st, 2021 and most recently updated on September 8th, 2022.
