CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – October 4, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

• Johnson Controls Metasys ADX Server
• Hitachi Energy Modular Switchgear Monitoring (MSM) – Product Used in the Energy Sector
• Horner Automation Cscape
• OMRON CX-Programmer

Alerts, Updates, and Bulletins:

• Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server
• CISA Adds Three Known Exploited Vulnerabilities to Catalog
• VMWare Releases Guidance for VirtualPITA, VirtualPIE, and VirtualGATE Malware Targeting vSphere
• CISA Issues Binding Operational Directive 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks
• Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization
• Hurricane-Related Scams 
• Cisco Releases Security Updates for Multiple Products
• Drupal Releases Security Update
• Mozilla Releases Security Update for Thunderbird