Today the CISA NCCIC-ICS published a control system security
advisory for products from FATEK Automation and updated a medical device
security advisory for products from Medtronic.
The FATEK advisory describes an integer underflow vulnerability in the FATEK WinProladder PLC. The
vulnerability was reported by Francis Provencher via the Zero Day Initiative.
NCCIC-ICS reports that FATEK is working on mitigation measures.
NCCIC-ICS reports that an uncharacterized attacker with
uncharacterized access could exploit the vulnerability to cause execution of
NOTE: I briefly
described this vulnerability on March 13th, 2020.
The Medtronic update provides additional information on an advisory that was originally
published on March 21st, 2019 and most recently updated on June 4th, 2020.
The new information announces that updates are available for:
• Protecta™ Cardiac Resynchronization Therapy Defibrillator (CRT-D), and
• Implanted Cardiac Defibrillator (ICD), all models