Today the CISA NCCIC-ICS published one control system
security advisory for products from Rockwell Automation.

360 Mobile Vision - 360mobilevision.com North & South Carolina Security products and Systems Installations for Commercial and Residential - $55 Hourly Rate. ACCESS CONTROL, INTRUSION ALARM, ACCESS CONTROLLED GATES, INTERCOMS AND CCTV INSTALL OR REPAIR 360 Mobile Vision - 360mobilevision.com is committed to excellence in every aspect of our business. We uphold a standard of integrity bound by fairness, honesty and personal responsibility. Our distinction is the quality of service we bring to our customers. Accurate knowledge of our trade combined with ability is what makes us true professionals. Above all, we are watchful of our customers interests, and make their concerns the basis of our business.

Rockwell Advisory

This advisory describes
nine vulnerabilities in the Rockwell FactoryTalk AssetCentre. The
vulnerabilities were reported by Sharon Brizinov and Amir Preminger of Claroty.
Rockwell has a new version that mitigates the vulnerabilities. There is no
indication that the researchers have been provided an opportunity to verify the
efficacy of the fix.

The nine reported vulnerabilities are:

• Deserialization of untrusted data
(4) – CVE-2021-27462, CVE-2021-27466, CVE-2021-27470, and CVE-2021-27460,

• Use of potentially dangerous
function – CVE-2021-27474,

• OS command injunction – CVE-2021-27476,
and

• SQL injection – CVE-2021-27472, CVE-2021-27468,
and CVE-2021-27464

NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit these vulnerabilities to allow unauthenticated attackers
to perform arbitrary command execution, SQL injection, or remote code
execution.

By admin