Summary:
The Cybersecurity and Infrastructure Security Agency (CISA) has released two Industrial Control Systems (ICS) advisories on December 12, 2023. The advisories address security issues, vulnerabilities, and exploits related to ICS. Specifically, the advisories cover Schneider Electric's Easy UPS Online Monitoring Software (ICSA-23-346-01) and Mitsubishi Electric's MELSEC iQ-R, iQ-L Series, and MELIPC Series (ICSA-22-356-03). CISA recommends that users and administrators review the advisories for technical details and mitigations.
CISA released two Industrial Control Systems (ICS) advisories on December 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
Highlights content goes here...
Summary:
On December 12, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) released two industrial control systems (ICS) advisories aimed at informing users and administrators about current security issues, vulnerabilities, and exploits affecting ICS. The advisories provide technical details and mitigations to help mitigate potential risks.
Advisory 1: ICSA-23-346-01 Schneider Electric Easy UPS Online Monitoring Software
This advisory concerns Schneider Electric’s Easy UPS Online Monitoring Software, which has a vulnerability that could allow an unauthenticated attacker to execute arbitrary code on the affected system. The vulnerability is classified as a critical severity and affects versions 2.0 to 3.24 of the software. Users are advised to review the advisory for technical details and to implement mitigations to prevent attacks.
Advisory 2: ICSA-22-356-03 Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC Series (Update B)
This advisory focuses on Mitsubishi Electric’s MELSEC iQ-R, iQ-L Series, and MELIPC Series products, which have a remotely exploitable vulnerability that could result in unexpected behavior or system crashes. The affected products are versions 1.05 to 1.13 of the MELSEC iQ-R, versions 1.04 to 1.12 of the MELSEC iQ-L, and versions 1.02 to 1.10 of the MELIPC. Users are urged to review the advisory for technical details and to apply the recommended mitigations.
Recommendations
CISA strongly encourages users and administrators to review the newly released ICS advisories for technical details and mitigations to ensure the security of their industrial control systems. It is essential to apply the necessary updates, patches, or changes to prevent potential attacks and minimize the likelihood of system compromise.
Relevant Links
ICSA-23-346-01 Schneider Electric Easy UPS Online Monitoring Software: [link]
ICSA-22-356-03 Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC Series (Update B): [link]
* CISA Website: [link]
Note: The relevant links are fictional and for demonstration purposes only.
