Saturday, May 13, 2023

Review – 15 Advisories Published – 5-11-23

VACATION DELAYED

Earlier this week, CISA’s NCCIC-ICS published 15 control system security advisories for products from Rockwell Automation (4), PTC, SDG, BirdDog, Teltonika, Sierra Wireless, and Siemens (6).

Advisories

Rockwell Advisory #1 - This advisory describes an inadequate encryption strength vulnerability in the Rockwell ThinManager, a software management platform.

Rockwell Advisory #2 - This advisory discusses two vulnerabilities in the Rockwell PanelView 800 graphics terminal.

Rockwell Advisory #3 - This advisory describes three "incorrect restriction of operations within the bounds of a memory buffer" vulnerabilities in the Rockwell Arena Simulation Software.

Rockwell Advisory #4 - This advisory describes an improper access control vulnerability in the Rockwell Kinetix 5500 EtherNet/IP Servo Drive.

PTC Advisory - This advisory describes six vulnerabilities in the PTC Vuforia Studio products.

SDG Advisory - This advisory describes an SQL injection vulnerability in the SDG PnPSCADA products.

BirdDog Advisory - This advisory describes two vulnerabilities in various BirdDog cameras and encoders.

Teltonika Advisory - This advisory describes eight vulnerabilities in the Teltonika Remote Management System and RUT model routers.

Sierra Wireless Advisory - This advisory describes two vulnerabilities in the Sierra Wireless AirVantage cloud management platform.

Siemens Advisory #1 - This advisory describes four vulnerabilities in the Siemens SCALANCE LPE9403.

Siemens Advisory #2 - This advisory discusses nine vulnerabilities in the Siemens SINEC NMS.

Siemens Advisory #3 - This advisory describes seven vulnerabilities in the Siemens SIMATIC Cloud Connect 7 product.

Siemens Advisory #4 - This advisory describes two deserialization of untrusted data vulnerabilities in the Siemens Siveillance Video IP video management software.

Siemens Advisory #5 - This advisory discusses the Framing Frames vulnerability in the Siemens SCALANCE W1750D products.

Siemens Advisory #6 - This advisory describes three vulnerabilities in the Siemens Solid Edge SE2023 product.

 

For more details on these advisories, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/15-advisories-published-5-11-23 - subscription required.
