Today, CISA’s NCCIC-ICS published nine control system security advisories for products from Rockwell Automation and Siemens (8).
Advisories
Rockwell Advisory -
This advisory
describes an improper input validation vulnerability in the Rockwell 5015-AENFTXT
ethernet/IP adapter.
Telecontrol Advisory -
This advisory
discusses 47 vulnerabilities in the Siemens Telecontrol Server Basic.
SINEC Advisory - This
advisory
discusses two vulnerabilities in the Siemens SINEC NMS product.
Parasolid Advisory -
This advisory
describes three vulnerabilities in the Siemens Parasolid product.
SCALANCE Advisory -
This advisory
discusses three classic buffer overflow vulnerabilities in the Siemens SCALANCE
W1750D direct access point.
RUGGEDCOM Advisory #1
- This advisory
that discusses five vulnerabilities (two with known exploits) in the Siemens RUGGEDCOM
APE1808 application hosting platform.
RUGGEDCOM Advisory #2
- This advisory
discusses six vulnerabilities (one listed in CISA’s KEV catalog) in the Siemens
RUGGEDCOM APE1808 application hosting platform.
SIMATIC Advisory #1 -
This advisory
describes a classic buffer overflow vulnerability in the Siemens SIMATIC PCS 7
and SIMATIC WinCC.
SIMATIC Advisory #2 -
This advisory
discusses eight vulnerabilities in the Siemens SIMATIC S7-1500.
For more information on these advisories, including links to
3rd party advisories and exploits, as well as a down-the-rabbit-hole
look at duplicate CVE’s in one of the advisories, see my article at CFSN
Detailed Analysis - https://patrickcoyle.substack.com/p/9-advisories-published-4-11-24
- subscription required.
Posts
No comments:
Post a Comment