Today, CISA’s NCCIC-ICS published ten control system security advisories for products from Rockwell Automation (8), Ocean Data Systems, and AVEVA.
NOTE: The Ocean advisory also applies to an AVEVA product.
Advisories
ControlLogix Advisory
#1 - This advisory
describes an improper input validation vulnerability in the Rockwell
ControlLogic, CompactLogic and GuardLogic products.
ControlLogix Advisory
#2 - This advisory
describes an improper input validation vulnerability in the Rockwell
ControlLogic, CompactLogic and GuardLogic products.
ControlLogix Advisory
#3 - This advisory
describes an improper check for unusual or exceptional conditions vulnerable to
in the Rockwell ControlLogix 5580, GuardLogix 5580 products.
Micro850/870 Advisory
- This advisory
describes an uncontrolled resource consumption vulnerability in the Rockwell Micro850/870
PLC’s.
FactoryTalk Advisory -
This advisory
describes an incorrect permission for critical function vulnerability in the Rockwell
FactoryTalk View Site Edition.
DataMosaix Advisory -
This advisory
describes an improper authentication vulnerability in the Rockwell DataMosaix
Private Cloud.
Pavilion8 Advisory -
This advisory
describes a missing encryption of sensitive data in the Rockwell Pavilion8
model predictive control software.
AADvance Advisory -
This advisory
discusses two vulnerabilities in the Rockwell AADvance Standalone OPC-DA Server.
Ocean Advisory - This
advisory
describes two vulnerabilities in the Ocean Dream Report, a report generating
and delivery software, and the AVEVA Reports for Operations 2023 software.
AVEVA Advisory - This
advisory
describes an allocation of resources without limits or throttling vulnerability
in the AVEVA SuiteLink Server.
For more information on these advisories, including links to
3rd party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/10-advisories-published-8-13-24
- subscription required.
Posts
No comments:
Post a Comment