Number: AV21-642
Date: 17 December 2021
On 16 December 2021 ICS-CERT published ICS Advisories to highlight vulnerabilities in the following products:
- CNCSoft – version 1.01.30 and prior
- DIAEnergie – version 1.7.5 and prior
Exploitation of these vulnerabilities could lead to a denial of service, information disclosure and arbitrary code execution.
The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.
ICS Advisory (ICSA-21-238-03)
https://www.cisa.gov/uscert/ics/advisories/icsa-21-238-03
ICS Advisory (ICSA-21-350-02)
https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-02