Today, CISA’s NCCIC-ICS published seven control system security advisories for products from Rockwell Automation, Honeywell, and Siemens (5). They also updated an advisory for products from AVEVA.
Siemens published two additional advisories on Tuesday that were not addressed here. They also updated 22 advisories, but NCCIC-ICS is no longer covering updates for Siemens products. I will be covering all of those this weekend.
Advisories
Rockwell Advisory - This advisory describes an exposure of sensitive information to an unauthorized actor vulnerability in the Rockwell Modbus TCP Server AOI.
Honeywell Advisory - This advisory describes three vulnerabilities in the Honeywell OneWireless Wireless Device Manager (WDM).
Mendix Advisory - This advisory describes an incorrect implementation of authentication algorithm vulnerability in the Siemens Mendix SAML Module.
SCALANCE Advisory - This advisory discusses four vulnerabilities in the Siemens SCALANCE W1750D.
RUGGEDCOM Advisory #1 - This advisory describes two missing authorization vulnerabilities in the Siemens RUGGEDCOM CROSSBOW.
RUGGEDCOM Advisory #2 - This advisory describes two vulnerabilities in the Siemens RUGGEDCOM CROSSBOW.
Third-Party Advisory - This advisory describes 65 vulnerabilities in the Siemens SCALANCE and RUGGEDCOM products.
AVEVA Update - This update provides additional information on an advisory that was originally published on December 8th, 2022.
For more details about these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/review-7-advisories-and-1-update - subscription required.