On June 4, 2024, CISA released four new advisories addressing vulnerabilities in Industrial Control Systems (ICS). These advisories aim to inform users and administrators about current security issues and potential exploits targeting these systems. The advisories cover a range of ICS products, each with specific vulnerabilities that need to be addressed to ensure system security and integrity.
The first advisory, ICSA-24-156-01, focuses on the Uniview NVR301-04S2-P4. This product, like the others, has been identified as having vulnerabilities that could be exploited by attackers. The advisory provides detailed information on the nature of these vulnerabilities and suggests measures that can be taken to mitigate the risks associated with them.
The second and third advisories, ICSA-23-278-03 and ICSA-22-172-01, pertain to Mitsubishi Electric products. The CC-Link IE TSN Industrial Managed Switch and the MELSEC iQ-R, Q, L Series and MELIPC Series, respectively, have received updates labeled Update A and Update C. These updates are crucial as they address specific flaws that, if left unpatched, could be exploited to compromise the systems.
Lastly, ICSA-24-151-02 covers the Fuji Electric Monitouch V-SFT, also receiving an update labeled Update A. CISA emphasizes the importance of reviewing these advisories to understand the technical details and recommended mitigations. By addressing these vulnerabilities promptly, users and administrators can enhance the security of their ICS environments and protect against potential attacks.
Reference:
