Today CISA’s NCCIC-ICS published eight control system security advisories for products from AutomationDirect, Schneider (4), Elber, Rockwell Automation, and Western Telematic. They also updated an advisory for products from Ashlar-Vellum.
Advisories
AutomationDirect Advisory - This advisory describes a classic buffer overflow vulnerability in the AutomationDirect C-more EA9 HMI.
Schneider Advisory #1 - This advisory describes an improper enforcement of message integrity during transmission in a communications channel vulnerability in the Schneider Pro-face GP-Pro EX and Remote HMI.
Schneider Advisory #2 - This advisory describes an exposure of sensitive information to an unauthorized actor vulnerability in the Schneider Modicon M340 and BMXNOE0100/0110, BMXNOR0200H products.
Schneider Advisory #3 - This advisory describes an improper restriction of XML entity external reference vulnerability in the Schneider Web Designer for Modicon.
Schneider Advisory #4 - This advisory describes an incorrect calculation of buffer size vulnerability in the Schneider M580 PLCs, BMENOR2200H and EVLink Pro AC products.
NOTE: I briefly discussed all four of these Schneider vulnerabilities on January 20th, 2025.
Elber Advisory - This advisory describes two vulnerabilities with publicly available exploits in multiple communication products from Elber.
Rockwell Advisory - This advisory describes an improper handling of exceptional conditions vulnerability in the Rockwell GuardLogix 5380 and 5580 controllers.
Western Telematic Advisory - This advisory describes an external control of file name or path vulnerability in the Western Telematic NPS Series, DSM Series, and CPM Series products.
Updates
Ashlar-Vellum Update - This update provides additional information on the Ashlar-Vellum modeling tools advisory that was originally published on October 24th, 2023.