Today CISA’s NCCIC-ICS published six control system and one medical device security advisory for products from Raisecomm, CloudEdge, Siemens (2), Rockwell (2), and Oxford Nanopore Technologies. They also published three control systems security updates for products from Schneider.
Advisories
Raisecomm Advisory -
This advisory
describes an authentication bypass using alternate path or channel
vulnerability in the Raisecomm RAX701-GC products.
CloudEdge Advisory -
This advisory
describes an improper neutralization of wildcards or matching symbols
vulnerability in the CloudEdge App and CloudEdge Online Cameras.
Siemens Advisory #1 -
This advisory
describes four vulnerabilities in the Siemens Ruggedcom product line.
Siemens Advisory #2 -
This advisory
describes two vulnerabilities in the Siemens SIMATIC S7-1200 CPU V1 and SIMATIC
S7-1200 CPU V2 families.
Rockwell Advisory #1 -
This advisory
describes an uncaught exception vulnerability in the Rockwell Compact
GuardLogix 5370.
NOTE: I briefly
discussed this vulnerability on Sunday.
Rockwell Advisory #2 -
This advisory
describes two vulnerabilities in the Rockwell 1783-NATR product.
Oxford Advisory - This advisory describes three vulnerabilities in the Oxford MinKNOW DNA and RNA sequencing device.
Updates
Schneider Update #1 -
This update
provides additional information on the Modicon Controllers advisory that was
originally published on May 20th, 2025, and most recently updated on
July 15th, 2025.
NOTE: I briefly
discussed this vulnerability on Sunday.
Schneider Update #2 -
This update
provides additional information on the Modicon Controllers advisory that was
originally published on December 19th, 2024.
NOTE: I briefly
discussed this vulnerability on Sunday.
Schneider Update #3 -
This update
provides additional information on the Pro-face GP advisory that was originally
published on February 4th, 2025.
Posts
No comments:
Post a Comment