Thursday, September 21, 2023

Review – 6 Advisories Published – 9-21-23

Today, CISA’s NCCIC-ICS published six control system security advisories for products from Rockwell (3), Delta Electronics, Siemens, and Real Time Automation.

Advisories

Rockwell Advisory #1 - This advisory describes an improper input validation vulnerability in the Rockwell FactoryTalk View Machine Edition.

Rockwell Advisory #2 - This advisory discusses five vulnerabilities in the Rockwell Connected Components Workbench.

NOTE: All five vulnerabilities are on CISA’s Known Exploited Vulnerabilities Catalog.

Rockwell Advisory #3 - This advisory describes a stack-based buffer overflow vulnerability in the Rockwell Logix Communication Modules.

Delta Advisory - This advisory describes an out-of-bounds write vulnerability in the Delta DIAScreen software configuration tool.

Siemens Advisory - This advisory describes an incorrect permission for critical resource vulnerability in the Siemens Spectrum Power 7 product.

Real Time Automation Advisory - This advisory describes a cross-site scripting vulnerability in the Real Time Automation 460MCBS Modbus TCP to BACnet/IP Gateway.

 

For more details about the advisories, including links to 3rd party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-published-9-21-23 - subscription required.
