CISA releases two industrial control systems advisories

Two new advisories from CISA focus on security vulnerabilities affecting industrial control systems, specifically in implementations of ISO 15118-2 and in Hitachi Energy's TropOS platform. These vulnerabilities pose risks related to unauthorized access and system integrity within critical control environments.

The advisories identify Common Vulnerabilities and Exposures (CVE) designations for the issues found, detailing the affected software versions for TropOS and the relevant components impacted under ISO 15118-2 standards. The vulnerabilities involve specific protocols and system functions requiring authenticated interaction, with precise exploit conditions noted. Distinctions between each advisory's findings clarify the nature of the exposed weaknesses in protocol handling and system component access.

If exploited, the vulnerabilities could allow attackers to disrupt system operations or gain unauthorized control. The advisories outline the scope of impacts on device functionality and control processes and do not elaborate beyond those stated consequences.

Remediation measures are described within each advisory, including available software updates and patches for affected versions. Where fixes are not yet released, the advisories specify the current status and any interim measures suggested. No additional mitigation strategies are offered beyond those provided in the advisories.

CISA recommends that system operators and administrators consult the full details in these advisories to understand the technical specifics and apply the suggested updates or mitigations. The aim is to ensure systems are updated appropriately to maintain control environment security.