Today the CISA NCCIC-ICS published a control system security
advisory for products from FATEK Automation and updated a medical device
security advisory for products from Medtronic.

FATEK Advisory

This advisory describes an integer underflow vulnerability in the
FATEK WinProladder PLC. The vulnerability was reported by Francis
Provencher via the Zero Day Initiative. NCCIC-ICS reports that FATEK
is working on mitigation measures.

NCCIC-ICS reports that an uncharacterized attacker with
uncharacterized access could exploit the vulnerability to cause execution of
arbitrary code.

NOTE: I briefly described this vulnerability on March 13th, 2020.

Medtronic Update

This update provides additional information on an advisory that was
originally published on March 21st, 2019 and most recently updated on
June 4th, 2020. The new information announces that updates are
available for:

• Protecta™ Cardiac Resynchronization Therapy Defibrillator (CRT-D), and

• Implanted Cardiac Defibrillator (ICD), all models

By admin