Thursday, July 16, 2026

Review – 9 Advisories Published – 7-16-23

Today CISA’s NCCIC-ICS published nine control system security advisories for products from Rockwell Automation (5), SALTO, Siemens, AutomationDirect, and NASA. I also look at eight other new advisories published by Siemens this week. 

Advisories  

Rockwell Advisory #1 - This advisory describes a cross-site scripting vulnerability in the Rockwell FactoryTalk DataMosaix. 

Rockwell Advisory #2 - This advisory describes a double free vulnerability in the Rockwell Flex 5000 Adapter. 

Rockwell Advisory #3 - This advisory describes three vulnerabilities in multiple Rockwell product lines. 

Rockwell Advisory #4 - This advisory describes an improper validation of integrity check value vulnerability in the Rockwell 1756-EN2, 1756-EN3, and 1756-ENBT products. 

Rockwell Advisory #5 - This advisory describes four vulnerabilities in the Rockwell Arena product. 

SALTO Advisory - This advisory describes an authorization bypass through user-controlled key vulnerability in the SALTO ProAccess Space product. 

Siemens Advisory - This advisory describes four vulnerabilities in the Siemens SICAM 8 product line. 

AutomationDirect Advisory - This advisory describes six vulnerabilities in the AutomationDirect Productivity Suite. 

NASA Advisory  This advisory describes a NULL pointer dereference vulnerability in the NASA Core Flight System (cFS) Health & Safety (HS) Application. 


For more information on these advisories, as well as a listing of eight other Siemens advisories published this week, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/9-advisories-published-7-16-23 - subscription required. 

No comments:

 
/* Use this with templates/template-twocol.html */