Today, CISA’s NCCIC-ICS published two control system
security advisories for products from Johnson Controls and Moxa.

Johnson Controls Advisory – This advisory discusses
the original Log4Shell vulnerability
in the Johnson Controls Exacq Technologies Enterprise Manager.

NOTE: It is interesting that nowhere does the NCCIC-ICS
advisory mention the Apache vulnerabilities except by the CVE #. This would
have been a good place to publish a reference to yesterday’s CISA, et al., advisory on “Mitigating
Log4Shell and Other Log4j-Related Vulnerabilities”, especially since this is
the first NCCIC-ICS advisory on Log4Shell.

Moxa Advisory – This advisory
describes a clear-text transmission of sensitive information vulnerability in
the Moxa MGate MB3180/MB3280/MB3480 Series Protocol Gateways.

NOTE: It looks like NCCIC-ICS is reporting the wrong CVE
number for this advisory.

For more details about these advisories, see my article at
CFSN Detailed Analysis – subscription required.

Author Of this post: PJCoyle