Review – 1 Advisory and 1 Update Published – 4-1-25

Today CISA’s NCCIC-ICS published a control system security advisory for products from Rockwell Automation. They also updated an advisory for products from Hitachi Energy.

Advisories

Rockwell Advisory - This advisory discusses a deserialization of untrusted data vulnerability (with publicly available exploit code) in the Rockwell Lifecycle Services with Veeam Backup and Replication.

Updates

Hitachi Energy Update - This update provides additional information on the Hitachi Energy MicroSCADA advisory that was originally published on November 26^th, 2024.

 

For more information on these advisories, including a down-the-rabbit-hole look at the Veeam vulnerability, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/1-advisory-and-1-update-published-1a0 - subscription required.