Tuesday, August 13, 2024

Review – 10 Advisories Published – 8-13-24

Today, CISA’s NCCIC-ICS published ten control system security advisories for products from Rockwell Automation (8), Ocean Data Systems, and AVEVA.

NOTE: The Ocean advisory also applies to an AVEVA product.

Advisories

ControlLogix Advisory #1 - This advisory describes an improper input validation vulnerability in the Rockwell ControlLogic, CompactLogic and GuardLogic products.

ControlLogix Advisory #2 - This advisory describes an improper input validation vulnerability in the Rockwell ControlLogic, CompactLogic and GuardLogic products.

ControlLogix Advisory #3 - This advisory describes an improper check for unusual or exceptional conditions vulnerable to in the Rockwell ControlLogix 5580, GuardLogix 5580 products.

Micro850/870 Advisory - This advisory describes an uncontrolled resource consumption vulnerability in the Rockwell Micro850/870 PLC’s.

FactoryTalk Advisory - This advisory describes an incorrect permission for critical function vulnerability in the Rockwell FactoryTalk View Site Edition.

DataMosaix Advisory - This advisory describes an improper authentication vulnerability in the Rockwell DataMosaix Private Cloud.

Pavilion8 Advisory - This advisory describes a missing encryption of sensitive data in the Rockwell Pavilion8 model predictive control software.

AADvance Advisory - This advisory discusses two vulnerabilities in the Rockwell AADvance Standalone OPC-DA Server.

Ocean Advisory - This advisory describes two vulnerabilities in the Ocean Dream Report, a report generating and delivery software, and the AVEVA Reports for Operations 2023 software.

AVEVA Advisory - This advisory describes an allocation of resources without limits or throttling vulnerability in the AVEVA SuiteLink Server.

 

For more information on these advisories, including links to 3rd party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/10-advisories-published-8-13-24 - subscription required.

1 comment:

Anonymous said...

In the ICSA-24-226-03, there's something weird. It looks as if the analyst didn't understand what Rockwell wrote: "First known in 34.011". Does this mean all versions >= 34.011 are vulnerable, or all <= 34.011? In Rockwell-speak I think this should be read as <= 34.011. If you follow the ICSA, also the fixed version 34.014 is vulnerable (the same is mentioned in the CSAF). Rockwell should write it down more clearly to be unambiguous.

 
/* Use this with templates/template-twocol.html */