Today CISA’s NCCIC-ICS published ten control system security advisories for products from Daikin, Schneider (2), and Siemens (7). They also updated an advisory for products from Schneider.
Siemens also published eight updates for earlier advisories, but CISA is no longer updating their advisories for Siemens updates. I will cover them in this weekend’s Public ICS Disclosure.
Advisories
Daikin Advisory - This advisory describes a weak password recovery process for forgotten password vulnerability in the Daikin Security Gateway.
Schneider Advisory #1 - This advisory describes a files or directories accessible to external parties vulnerability in multiple Schneider Modicon M340 products.
Schneider Advisory #2 - This advisory describes two vulnerabilities in the Schneider EcoStruxure products.
Siemens Advisory #1 - This advisory describes four vulnerabilities in the Siemens User Management Component (UMC).
Siemens Advisory #2 - This advisory discusses an allocation of resources without limits or throttling vulnerability in the Siemens Industrial Edge Management OS (IEM-OS).
Siemens Advisory #3 - This advisory describes an exposure of sensitive information to an unauthorized actor vulnerability in the Siemens Apogee PXC and Talon TC Devices.
Siemens Advisory #4 - This advisory describes two vulnerabilities in the Siemens SINEC OS.
Siemens Advisory #5 - This advisory describes an improper privilege management vulnerability in the Siemens SINAMICS Drives.
Siemens Advisory #6 - This advisory describes an incorrect permissions assignment for critical function vulnerability in the Siemens SIMATIC Virtualization as a Service (SIVaaS) product.
Siemens Advisory #7 - This advisory discusses an improper check for unusual or exceptional conditions vulnerability in the Siemens SIMOTION Tools.
Updates
Schneider Update - This update provides additional information on the Modicon M340 advisory that was originally published on February 4th, 2025.