Tuesday, April 21, 2026

Review – 12 Advisories Published – 4-21-26

Today CISA’s NCCIC-ICS published 12 control system security advisories for products from SenseLive, Silex Technology, Zero Motorcycles, Hardy Barth, and Siemens (8). I briefly mentioned the eight Siemens advisories on Saturday.

Advisories

SenseLive Advisory - This advisory describes 11 vulnerabilities in the SenseLive X3050 industrial serial device server.

Silex Advisory - This advisory describes 13 vulnerabilities in the SD-330AC and AMC Manager.

Zero Motorcycles Advisory - This advisory describes a key exchange without entity authentication vulnerability in Zero Motorcycles.

Hardy Barth Advisory - This advisory describes two vulnerabilities (both with publicly available exploits) in the Hardy Barth Salia EV Charge Controller.  

Siemens Advisory #1 - This advisory describes an authentication bypass by primary weakness vulnerability in the Siemens Industrial Edge Management products. 

Siemens Advisory #2 - This advisory describes an authorization bypass through user-controlled key vulnerability in the Siemens SINEC NMS network traffic monitoring software. 

Siemens Advisory #3 - This advisory discusses a numeric truncation error vulnerability in the Siemens RUGGEDCOM CROSSBOW Station Access Controller.

Siemens Advisory #4 - This advisory discusses 15 vulnerabilities in the Siemens SCALANCE W-700 IEEE 802.11n family. 

Siemens Advisory #5 - This advisory describes an improper certificate validation vulnerability in the Siemens Analytics Toolkit. 

Siemens Advisory #6 - This advisory describes an improper verification of cryptographic signature vulnerability in the Siemens SINEC NMS network traffic monitoring software. 

Siemens Advisory #7 - This advisory describes an incorrect privilege management vulnerability in the Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary.

Siemens Advisory #8 - This advisory discusses an out-of-bounds read vulnerability in the Siemens TPM 2.0 implementation in multiple Siemens products.


For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/12-advisories-published-4-21-26 - subscription required. 
