Tuesday, March 21, 2023

Review – 7 Advisories and 1 Update Published – 3-21-23

Today, CISA’s NCCIC-ICS published seven control system security advisories for products from Siemens (3), Rockwell Automation, VISAM, Delta Electronics, Keysight Technologies, and Hitachi Energy.


SCALANCE Advisory - This advisory discusses 17 vulnerabilities in the Siemens SCALANCE W-700 product line.

RADIUS Advisory - This advisory discusses an infinite loop vulnerability in the Siemens RADIUS client of SIPROTEC 5 devices.

RUGGEDCOM Advisory - This advisory discusses seven TOCTOU race condition vulnerabilities in the Siemens RUGGEDCOM APE1808 Product Family.

Rockwell Advisory - This advisory describes three vulnerabilities in the Rockwell ThinManager ThinServer.

VISAM Advisory - This advisory describes seven improper restriction of XML entity reference vulnerabilities in the VISAM VBASE Automation Base. 

Delta Advisory - This advisory describes 13 vulnerabilities in the Delta InfraSuite Device Master.

Keysight Advisory - This advisory describes a deserialization of untrusted data vulnerability in the Keysight N6854A Geolocation Server.


Hitachi Energy Update - This update provides additional information on an advisory that was originally published on December 9th, 2021.


For more details about these advisories, including links to 3rd party advisories and exploits, as well as a brief summary of changes made in the update, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/7-advisories-and-1-update-published-541 - subscription required.
