us-cert

This updated advisory is a follow-up to the advisory update titled ICSA-21-252-02 Delta Electronics DOPSoft2 that was published September 09, 2021, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Stack-based Buffer Overflow, Out-of-Bounds Write, and Heap-based Buffer Overflow vulnerabilities in Delta Electronics DOPSoft 2 HMI editing software.

This advisory contains mitigations for Improper Access Control, Uncontrolled Resource Consumption, Use of Hard-Coded Credentials, Active Debug Code vulnerabilities in Contec Health CMS8000, a ICU CCU Vital Signs Patient Monitor.

This advisory contains mitigations for an Out-of-bounds Read vulnerability in versions of Delta Electronics DOPSoft, a software supporting the DOP-100 series HMI screens.

This advisory contains mitigations for Inconsistent Interpretation of HTTP Requests, Use After Free, Classic Buffer Overflow, Integer Underflow, Improper Certificate Validation, Observable Discrepancy vulnerabilities in Hitachi Energy FACTS Control Platform (FCP).

This advisory contains mitigations for a Hitachi Energy Gateway Station (GWS) Product vulnerability in Inconsistent Interpretation of HTTP Requests, Use After Free, Classic Buffer Overflow, Integer Underflow, Improper Certificate Validation, Observable Discrepancy.

This advisory contains mitigations for a Hitachi Energy MSM Product vulnerability in Reliance on Uncontrolled Component.

This advisory contains mitigations for a Hitachi Energy RTU500 series vulnerability in Improper Input Validation.

This advisory contains mitigations for a Fuji Electric D300win vulnerability Out-of-bounds Read, Write-what-where Condition

This advisory contains mitigations for a Honeywell ControlEdge vulnerability Missing Authentication for Critical Function.

This advisory contains mitigations for a Missing Authentication for Critical Function vulnerability in versions of the Honeywell equipment, Experion LX, distributed control system (DCS).