Thursday, August 15, 2024

Review – 11 Advisories Published – 8-15-24

Today, CISA’s NCCIC-ICS published eleven control system security advisories for products from Siemens (9), PTC Kepware, and AVEVA.

Advisories

NX Advisory - This advisory describes an out-of-bounds read vulnerability in the Siemens NX integrated toolset.

COMOS Advisory - This advisory discusses two vulnerabilities in the COMOS unified data platform.

Location Intelligence Advisory - This advisory describes three vulnerabilities in the Siemens Location Intelligence web-based application software.

SINEC Advisory #1 - This advisory discusses 29 vulnerabilities (five with publicly available exploits) in the Siemens SINEC network management systems (NMS).

SINEC Advisory #2 - This advisory describes five vulnerabilities in the Siemens SINEC Traffic Analyzer.

LOGO! Advisory - This advisory describes a cleartext storage of a password vulnerability in the Siemens LOGO! products.

TEAMCENTER Visualization Advisory - This advisory describes three vulnerabilities in the Siemens Teamcenter Visualization and JT2Go products.

INTRALOG Advisory - This advisory discusses two vulnerabilities in the Siemens INTRALOG warehouse management system (WMS).

SCALANCE Advisory - This advisory describes four vulnerabilities in the Siemens SCALANCE M-800 Family and RUGGEDCOM RM1224 products.

PTC Kepware Advisory - This advisory describes an allocation of resources without limit or throttling vulnerability in the PTC Kepware ThingWorx Kepware Server.

AVEVA Advisory - This advisory describes an SQL injection vulnerability in the AVEVA Historian Server.

For more information on these advisories, including links to third-party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/11-advisories-published-8-15-24 - subscription required.
