Thursday, April 10, 2025

Review – 10 Advisories Published – 4-10-25

Today CISA’s NCCIC-ICS published nine control system security advisories for products from ABB, Subnet Solutions, Rockwell Automation, and Siemens (6). They also published a medical device security advisory for products from INFINITT Healthcare.

There were three additional advisories published by Siemens on Tuesday that were not addressed today by CISA. I will discuss them this weekend.

Advisories

ABB Advisory - This advisory discusses eight vulnerabilities in the ABB Arctic Wireless Gateways.

Subnet Advisory - This advisory describes two vulnerabilities in the Subnet PowerSYSTEM Center 2020 products.

Rockwell Advisory - This advisory describes eleven vulnerabilities in the Rockwell Arena simulation software.

SENTRON Advisory - This advisory describes nine vulnerabilities in the Siemens SENTRON 7KT PAC1260 Data Manager.

Insights Advisory - This advisory discusses five vulnerabilities in the Siemens Insights Hub Private Cloud. These are third-party vulnerabilities.

Industrial Edge - This advisory describes a weak authentication vulnerability in the Siemens Industrial Edge Devices.

Solid Edge Advisory - This advisory describes an out-of-bounds write vulnerability in the Siemens Solid Edge SE2024 and Solid Edge SE2025 products.

SIDIS Prime Advisory - This advisory discusses fourteen vulnerabilities (three with publicly available exploits) in the Siemens SIDIS Prime product.

License Server Advisory - This advisory describes two vulnerabilities in the Siemens License Server.

INFINITT Advisory - This advisory describes three vulnerabilities in the INFINITT PACS System Manager.

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/10-advisories-published-4-10-25 - subscription required.
