Tuesday, January 28, 2025

Review – 6 Advisories and 1 Update Published – 1-28-25

Today CISA’s NCCIC-ICS published six control system security advisories for products from Schneider Electric (2), Rockwell Automation (3), and B&R. They also updated a medical device advisory for products from BD.

Three additional Rockwell advisories were published today. If they are not covered in CISA advisories on Thursday, I will discuss them this weekend in my Public ICS Disclosures post.

Advisories

Schneider Advisory #1 - This advisory describes a deserialization of untrusted data vulnerability in the Schneider Electric RemoteConnect and SCADAPack x70 Utilities.

Schneider Advisory #2 - This advisory describes two vulnerabilities in the Schneider PowerLogic HDPM6000 High-Density Metering System.

Rockwell Advisory #1 - This advisory describes two vulnerabilities in the Rockwell DataMosaix Private Cloud.

Rockwell Advisory #2 - This advisory describes two vulnerabilities in the Rockwell FactoryTalk product.

Rockwell Advisory #3 - This advisory describes two vulnerabilities in the Rockwell FactoryTalk View ME product.

B&R Advisory - This advisory describes the use of a broken or risky cryptographic algorithm vulnerability in the B&R Automation Runtime and mapp View products.

Updates

BD Update - This update provides additional information on the BD Diagnostic Solutions Products advisory that was originally published on December 17th, 2024.

 

For more information about these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-and-1-update-published-286 - subscription required.
