Thursday, March 20, 2025

Review – 5 Advisories Published – 3-20-25

Today CISA published four control systems security advisories for products from SMA Solar Technology, Siemens, and Schneider Electric (2). They also published a medical device security advisory for products from Santesoft.

Advisories

SMA Advisory - This advisory describes an unrestricted upload of file with dangerous type vulnerability in the SMA Sunny Portal.

Siemens Advisory - This advisory describes an improper restriction of operations within the bounds of a memory buffer vulnerability in the Siemens Simcenter Femap product.

Schneider Advisory #1 - This advisory describes three improper input validation vulnerabilities in the Schneider Enerlin’X IFE and eIFE products.

Schneider Advisory #2 - This advisory describes an improper privilege management vulnerability in the Schneider EcoStruxure Process Expert products.

Santesoft Advisory - This advisory describes an out-of-bounds write vulnerability in the Santesoft Sante DICOM Viewer Pro.

For more information on these advisories, including links to researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/5-advisories-published-3-20-25 - subscription required.
