Today CISA’s NCCIC-ICS published eleven control system advisories for products from Hitachi Energy, Siemens (6), and Rockwell Automation (4). They also updated two advisories for products from Delta Electronics and Schneider.
Advisories
Hitachi Energy Advisory - This advisory describes three vulnerabilities in the Hitachi Energy MACH GWS.
Note: I briefly discussed this vulnerability on October 4th, 2025.
HyperLynx Advisory - This advisory discusses a type confusion vulnerability (which is listed in CISA’s KEV catalog) in the Siemens HyperLynx and Industrial Edge App Publisher products.
SINEC Advisory - This advisory describes an SQL injection vulnerability in the Siemens SINEC NMS product.
SIMATIC Advisory - This advisory describes a missing authentication for critical function vulnerability in the Siemens SIMATIC CP and SIPLUS ET 200SP products.
SiPass Advisory - This advisory describes four vulnerabilities (one with a publicly available exploit) in the Siemens SiPass integrated product.
Solid Edge Advisory - This advisory describes four vulnerabilities in the Siemens Solid Edge product.
ArmorStart Advisory - This advisory describes an improper handling of exceptional conditions vulnerability in the Rockwell ArmorStart Classic.
FactoryTalk Advisory #1 - This advisory describes an improper restriction of XML external entity reference vulnerability in the PanelView Plus 7 Terminal.
FactoryTalk Advisory #2 - This advisory describes two improper privilege management vulnerabilities in the Rockwell FactoryTalk Linx.
FactoryTalk Advisory #3 - This advisory describes two vulnerabilities in the Rockwell FactoryTalk View Machine Edition and PanelView Plus 7 products.
Updates
Delta Update - This update provides additional information on the CNCSoft-G2 advisory that was originally published on April 30th, 2024.
Schneider Update - This update provides additional information on the EcoStruxure advisory that was originally published on August 12th, 2025.