Thursday, December 19, 2024

Review – 8 Advisories Published – 12-19-24

Today CISA’s NCCIC-ICS published seven control system security advisories for products from Schneider Electric (2), Tibbo, Siemens, Delta Electronics, and Hitachi Energy (2). They also published a medical device security advisory for products from Ossur.

Advisories

Schneider Advisory #1 - This advisory describes a cross-site scripting vulnerability in multiple Schneider Modicon Controllers.

Schneider Advisory #2 - This advisory describes a classic buffer overflow vulnerability in the Schneider Accutech Manager product.

Tibbo Advisory - This advisory describes an unrestricted upload of file with dangerous type vulnerability in the Tibbo AggreGate Network Manager.

Siemens Advisory - This advisory describes a heap-based buffer overflow vulnerability in the Siemens User Management Component.

Delta Advisory - This advisory describes a deserialization of untrusted data vulnerability in the Delta DTM Soft product.

Hitachi Energy Advisory #1 - This advisory describes two vulnerabilities in the Hitachi Energy SDM600 product.

Hitachi Energy Advisory #2 - This advisory describes a classic buffer overflow vulnerability in the Hitachi Energy RTU500 series CMU.

Ossur Advisory - This advisory describes three vulnerabilities in the Ossur Logic Mobile Application.

 

For more information about these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/8-advisories-published-12-19-24 - subscription required.
