Today, CISA published 14 control system security advisories for products from Siemens (12), Hitachi Energy, and Red Lion.
Siemens published two additional advisories and 18 updates on Tuesday. I will be covering them this weekend.
Advisories
RUGGEDCOM Advisory - This advisory discusses three vulnerabilities in the Siemens RUGGEDCOM APE1808.
SIMATIC Advisory #1 - This advisory discusses eight vulnerabilities in the Siemens SIMATIC MV500.
SIMATIC Advisory #2 - This advisory describes four vulnerabilities in the Siemens SIMATIC PCS neo.
PNI Advisory - This advisory discusses 13 vulnerabilities in the Siemens SINEC PNI product.
Mendix Advisory #1 - This advisory discusses an out-of-bounds write vulnerability in the Siemens Mendix Studio Pro 7, 8, 9, 10.
Mendix Advisory #2 - This advisory describes an authentication bypass by capture-replay vulnerability in the Siemens Mendix Runtime.
SIPROTEC Advisory - This advisory discusses the Urgent/11 vulnerabilities in the Siemens SIPROTEC 4 7SJ66.
SCALANCE Advisory #1 - This advisory discusses 15 vulnerabilities in the Siemens SCALANCE Family Products.
SCALANCE Advisory #2 - This advisory discusses an improper input validation vulnerability in the Siemens SCALANCE W700.
OPC UA Advisory - This advisory describes an improper restriction of XML entity reference vulnerability in the Siemens OPC UA Modeling Editor (SiOME).
Desigo Advisory - This advisory discusses three vulnerabilities in the Siemens Desigo CC product family.
Hitachi Energy Advisory - This advisory describes two vulnerabilities in the Hitachi Energy MACH System Software.
Red Lion Advisory - This advisory describes two vulnerabilities in the Red Lion Sixnet and VersaTRAK Series RTU.
For more details about these advisories, including links to 3rd party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/14-advisories-published-11-16-23 - subscription required.