Tuesday, August 19, 2025

Review – 2 Advisories and 2 Updates Published –

Today CISA’s NCCIC-ICS published two control system security advisories for products from Siemens. They also updated two advisories for products from EG4 and Tigo.

Advisories

Mendix Advisory - This advisory describes an improper verification of cryptographic signature vulnerability in the Siemens Mendix SAML Module.

NOTE: I briefly discussed this vulnerability on Sunday.

Desigo Advisory - This advisory discusses a least privilege violation vulnerability in the Siemens Desigo CC and SENTRON Powermanager products.

NOTE: I briefly discussed this vulnerability on Sunday.

Updates

EG4 Update - This update provides additional information on the EG4 Inverters advisory that was originally published on August 7th, 2025.

Tigo Update - This update provides additional information on the Cloud Connect advisory that was originally published on August 5th, 2025.

NOTE: I briefly discussed the announced exploit on August 9th, 2025.

 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/2-advisories-and-2-updates-published-cfe - subscription required.
