Review – 7 Advisories and 1 Update Published – 3-21-23

Today, CISA’s NCCIC-ICS published seven control system security advisories for products from Siemens (3), Rockwell Automation, VISAM, Delta Electronics, Keysight Technologies, and Hitachi Energy.

Advisories

SCALANCE Advisory - This advisory discusses 17 vulnerabilities in the Siemens SCALANCE W-700 product line.

RADIUS Advisory - This advisory discusses an infinite loop vulnerability in the Siemens RADIUS client of SIPROTEC 5 devices.

RUGGEDCOM Advisory - This advisory discusses seven TOCTOU race condition vulnerabilities in the Siemens RUGGEDCOM APE1808 Product Family.

Rockwell Advisory - This advisory describes three vulnerabilities in the Rockwell ThinManager ThinServer.

VISAM Advisory - This advisory describes seven improper restriction of XML entity reference vulnerabilities in the VISAM VBASE Automation Base. 

Delta Advisory - This advisory describes 13 vulnerabilities in the Delta InfraSuite Device Master.

Keysight Advisory - This advisory describes a deserialization of untrusted data vulnerability in the Keysight N6854A Geolocation Sever.

Updates

Hitachi Energy Update - This update provides additional information on an advisory that was originally published on December 9^th, 2021.

 

For more details about these advisories, including links to 3^rd party advisories and exploits, as well as a brief summary of changes made in the update, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/7-advisories-and-1-update-published-541 - subscription required.