TLDR:
Key Points:
- CISA published seven industrial control system (ICS) advisories highlighting vulnerabilities in equipment from TELSAT, SDG Technologies, Yokogawa, and Johnson Controls
- Vulnerabilities include command injection, missing authorization, cross-site scripting, and storing passwords in a recoverable format
Article Summary:
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued advisories on vulnerabilities in ICS equipment from several vendors. The vulnerabilities identified include:
- TELSAT MarKoni’s FM Transmitters: vulnerabilities, including command injection and improper access control, can be exploited remotely with low attack complexity
- SDG Technologies’ PnPSCADA: missing authorization vulnerability could lead to unauthorized control and data manipulation
- Yokogawa’s FAST/TOOLS and CI Server: vulnerabilities include cross-site scripting and storing passwords in an empty format, allowing for remote code execution
- Johnson Controls’ Illustra Essentials Gen 4: vulnerabilities involve improper input validation, storing passwords in a recoverable format, and insertion of sensitive information into log files
Each company has recommended solutions or updates to mitigate these vulnerabilities and enhance the security of their systems.