Thursday, April 11, 2024

Review – 9 Advisories Published – 4-11-24

Today, CISA’s NCCIC-ICS published nine control system security advisories for products from Rockwell Automation and Siemens (8).


Rockwell Advisory - This advisory describes an improper input validation vulnerability in the Rockwell 5015-AENFTXT ethernet/IP adapter.

Telecontrol Advisory - This advisory discusses 47 vulnerabilities in the Siemens Telecontrol Server Basic.

SINEC Advisory - This advisory discusses two vulnerabilities in the Siemens SINEC NMS product.

Parasolid Advisory - This advisory describes three vulnerabilities in the Siemens Parasolid product.

SCALANCE Advisory - This advisory discusses three classic buffer overflow vulnerabilities in the Siemens SCALANCE W1750D direct access point.

RUGGEDCOM Advisory #1 - This advisory that discusses five vulnerabilities (two with known exploits) in the Siemens RUGGEDCOM APE1808 application hosting platform.

RUGGEDCOM Advisory #2 - This advisory discusses six vulnerabilities (one listed in CISA’s KEV catalog) in the Siemens RUGGEDCOM APE1808 application hosting platform.

SIMATIC Advisory #1 - This advisory describes a classic buffer overflow vulnerability in the Siemens SIMATIC PCS 7 and SIMATIC WinCC.

SIMATIC Advisory #2 - This advisory discusses eight vulnerabilities in the Siemens SIMATIC S7-1500.


For more information on these advisories, including links to 3rd party advisories and exploits, as well as a down-the-rabbit-hole look at duplicate CVE’s in one of the advisories, see my article at CFSN Detailed Analysis - - subscription required.

No comments:

/* Use this with templates/template-twocol.html */