Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

CISA Issues 4 ICS Advisories on Security

July 12, 2023
Reading Time: 2 mins read
in Alerts
CISA Issues 4 ICS Advisories on Security

 

CISA issued four ICS advisories on July 11, 2023, covering Rockwell Automation Enhanced HIM, Sensormatic Electronics iSTAR, Panasonic Control FPWin Pro7, and Mitsubishi Electric MELSEC-F Series, providing information on security issues, vulnerabilities, and mitigations for Industrial Control Systems (ICS).

ICSA-23-192-01 Rockwell Automation Enhanced HIM

Rockwell Automation’s Enhanced HIM communication interface is affected by a cross-site request forgery (CSRF) vulnerability. Exploitation of this vulnerability could result in sensitive information disclosure and full remote access to the affected products. Rockwell Automation recommends users update to Enhanced HIM Version 1.002 and follow their best security practices. CISA advises organizations to minimize network exposure, isolate control system networks, and use secure remote access methods. They also provide additional guidance and recommended practices to enhance cybersecurity in industrial control systems. No known public exploits targeting this vulnerability have been identified.

ICSA-23-192-02 Sensormatic Electronics iSTAR

Sensormatic Electronics’ iSTAR devices are vulnerable to improper authentication, allowing unauthenticated users to log in with administrator rights. The affected products include iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with specific firmware versions. Successful exploitation of this vulnerability could lead to unauthorized access to the devices. Johnson Controls, the parent company, recommends upgrading the firmware to version 6.9.2 CU01 as a mitigation measure. CISA advises minimizing network exposure, isolating control system networks, and using secure remote access methods. No known public exploits targeting this vulnerability have been reported, but the attack complexity is considered high.

ICSA-23-192-03 Panasonic Control FPWin Pro7

Panasonic’s Control FPWin Pro7 software is affected by multiple vulnerabilities, including stack-based buffer overflow, type confusion, and improper restriction of operations within a memory buffer. Successful exploitation of these vulnerabilities could lead to information disclosure or remote code execution. Panasonic has released version 7.7.0.0 of the software to address these issues. CISA recommends implementing defensive measures such as isolating control system networks and using secure remote access methods. No known public exploits for these vulnerabilities exist, and they are not exploitable remotely.

ICSA-23-180-04 Mitsubishi Electric MELSEC-F Series (Update A)

Mitsubishi Electric’s MELSEC-F Series products, specifically the Control FPWIN Pro7 software, are vulnerable to an authentication bypass by capture-replay attack. This vulnerability could allow an attacker to log in to the product by sending specially crafted packets. The affected products include various versions of the MELSEC-F Series, and Mitsubishi Electric has recommended using firewalls or virtual private networks (VPNs) to prevent unauthorized access. CISA advises implementing defensive measures, performing impact analysis and risk assessment, and following their control systems security recommended practices to mitigate the risk. No known public exploits specifically target this vulnerability, but it can be exploited remotely with low attack complexity.

Reference:
  • CISA Releases Four Industrial Control Systems Advisories
Tags: AuthenticationCISACyber AlertCyber Alerts 2023CybersecurityJuly 2023Mitsubishi ElectricPanasonicRockwell AutomationSensormatic ElectronicsUpdatesVulnerabilities
ADVERTISEMENT

Related Posts

Linux Core Dump Flaws Risk Password Leaks

Linux Core Dump Flaws Risk Password Leaks

June 2, 2025
Linux Core Dump Flaws Risk Password Leaks

GitHub Code Flaw Replicated By AI Models

June 2, 2025
Linux Core Dump Flaws Risk Password Leaks

Google Script Used In New Phishing Scams

June 2, 2025
OneDrive Flaw Gives Sites Full Data Access

OneDrive Flaw Gives Sites Full Data Access

May 30, 2025
OneDrive Flaw Gives Sites Full Data Access

Fake AI Apps Drop Ransomware And Malware

May 30, 2025
OneDrive Flaw Gives Sites Full Data Access

EDDIESTEALER Uses Fake CAPTCHAs for Stealing

May 30, 2025

Latest Alerts

Linux Core Dump Flaws Risk Password Leaks

GitHub Code Flaw Replicated By AI Models

Google Script Used In New Phishing Scams

EDDIESTEALER Uses Fake CAPTCHAs for Stealing

Fake AI Apps Drop Ransomware And Malware

OneDrive Flaw Gives Sites Full Data Access

Subscribe to our newsletter

    Latest Incidents

    Covenant Health Cyberattack Shuts Hospitals

    Moscow DDoS Attack Cuts Internet For Days

    Puerto Rico’s Justice Department Cyberattack

    State Actors Hit ConnectWise ScreenConnect

    Ivanti Flaw Hits NHS Staff and Patient Data

    Amalgamated Sugar Data Breach Exposes SSNs

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial