Review – 2 Advisories Published – 1-24-23

Today, CISA’s NCCIC-ICS published two control system
security advisories for products from SOCOMEC and XINJE.

SOCOMEC Advisory –
This advisory
a weak encoding for password vulnerability in the SOCOMEC MODULYS GP modular uninterruptable
power supply (UPS).

XINJE Advisory – This
advisory
describes two vulnerabilities in the XINJE XD Programing Tool.

For more details about these advisories, and my commentary on
vendors ignoring CISA’s vulnerability coordination efforts, see my article at
CFSN Detailed Analysis – https://patrickcoyle.substack.com/p/2-advisories-published-1-24-23
– subscription required.