Today CISA’s NCCIC-ICS published five control system security advisories for products from Kieback & Peter, ZKTeco, ScadaBR, Siemens, and ABB. They also published updates for products from ABB.
Advisories
Kieback & Peter Advisory - This advisory discusses a code injection vulnerability in the Kieback & Peter DDC Building Controllers.
ZKTeco Advisory - This advisory describes an authentication bypass using an alternate path or channel vulnerability in the ZKTeco SSC335-GC2063-Face-0b77 CCTV cameras.
ScadaBR Advisory - This advisory describes four vulnerabilities in ScadaBR 1.2.0.
Siemens Advisory - This advisory discusses an out-of-bounds write vulnerability in the Siemens RUGGEDCOM APE1808 Devices.
NOTE: I briefly discussed the Siemens advisory on Saturday.
ABB Advisory - This advisory describes a path traversal vulnerability in the ABB CoreSense HM and CoreSense M10 products.
NOTE: I most recently discussed the ABB advisory on October 25th, 2025.
Updates
ABB Update #1 - This update provides additional information for the 800xA Base advisory that was originally published on June 25th, 2025.
NOTE: I most recently discussed the ABB advisory on January 25th, 2026.
ABB Update #2 - This update provides additional information for the RMC-100 advisory that was originally published on July 15th, 2025.
For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/5-advisories-and-2-updates-published-67b - subscription required.