CISA Releases Six Advisories for Industrial Control Systems

The Cybersecurity and Infrastructure Security Agency (CISA) has issued six advisories about vulnerabilities across a range of industrial control system companies. These vulnerabilities affect Rockwell Automation’s RSLogix 5 and RSLogix 500 software, IDEC PLCs, IDEC Corporation’s WindLDR and WindO/I-NV4 software, MegaSys Computer Technologies’ Telenium Online Web Application, Kastle Systems Access Control System, and Treck TCP/IP. The weaknesses found range from insufficient data authenticity verification to cleartext storage and transmissions, and improper input validation.