by

CISA releases 5 Industrial Control Systems Advisories

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

You are subscribed to Industrial Control Systems (ICS) Cybersecurity Advisories for Cybersecurity and Infrastructure Security Agency. This information has recently been updated, and is now available.

ICS-CERT released the following 5 advisories today, August 2, 2022. Click on the links below for more detailed information on these Industrial Control Systems vulnerabilities.

Mitsubishi
Electric Factory Automation Products Path Traversal (Update C)

This updated advisory is a follow-up to the advisory update titled ICSA-20-212-03 Mitsubishi Electric Factory Automation Products Path Traversal (Update B) that was published May 27, 2021, to the ICS webpage on us-cert.cisa.gov. This advisory
contains mitigations for a
Path Traversal vulnerability in various Mitsubishi Electric Factory Automation products.
 

Mitsubishi
Electric Factory Automation Engineering Products (Update H)

This updated advisory is a follow-up to the advisory update titled ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update E) that was published May 24, 2022, to the ICS webpage on cisa.gov/ics.
This advisory contains mitigations for an
Unquoted Search Path or Element vulnerability in various Mitsubishi Electric Factory Automation Engineering products.
 

Mitsubishi
Electric FA Engineering Software Products (Update F)

This updated advisory is a follow-up to the advisory update titled ICSA-21-049-02 Mitsubishi Electric FA Engineering Software Products (Update E) that was published May 24, 2022, to the ICS webpage on cisa.gov/ics. This
advisory contains mitigations for Heap-based Buffer Overflow and Improper Handling of Length Parameter Inconsistency vulnerabilities in various Mitsubishi Electric FA Engineering Software products that communicate with MELSEC, FREQROL, or GOT products.
 

Delta Electronics DIAEnergie (Update
C)

This updated advisory is a follow-up to the advisory update titled ICSA-21-238-03 Delta Electronics DIAEnergie (Update B) that was published March 22, 2022, on the ICS webpage at
www.cisa.gov/ics. This advisory contains mitigations for Use of Password Hash with Insufficient Computational Effort, Authentication Bypass Using an Alternate Path or Channel, Unrestricted Upload of File with Dangerous Type, SQL Injection,
Cross-site Request Forgery, Cross-site Scripting, and Cleartext Transmission of Sensitive Information vulnerabilities in Delta Electronics DIAEnergie, an industrial energy management system.
 

Delta Electronics DIAEnergie (Update
C)

This updated advisory is a follow-up to the advisory update titled ICSA-22-081-01 Delta Electronics DIAEnergie (Update B) that was published April 28, 2022, on the ICS webpage at cisa.gov/ics. This advisory contains
mitigations for Path Traversal, Incorrect Default Permissions, SQL Injection, and Uncontrolled Search Path Element vulnerabilities in Delta electronics DIAEnergie, an industrial energy management system.
 

Having trouble viewing this message? View
it as a webpage

You are subscribed to updates from the
Cybersecurity and Infrastructure Security Agency (CISA)
Manage Subscriptions  |  Privacy
Policy
  | 
Help

Connect with CISA:

Facebook  | 
Twitter  | 
Instagram  | 
LinkedIn  |  
YouTube


This email was sent to b13b3fdf.spsmail.cuny.edu@amer.teams.ms using GovDelivery Communications Cloud, on behalf of: Cybersecurity and Infrastructure Security Agency · 707 17th St, Suite
4000 · Denver, CO 80202
GovDelivery logo

Write a Comment

Comment

  • Related Content by Tag