Today CISA’s NCCIC-ICS published nine control system security advisories for products from Rockwell Automation (5), SALTO, Siemens, AutomationDirect, and NASA. I also look at eight other new advisories published by Siemens this week.
Advisories
Rockwell Advisory #1 - This advisory describes a cross-site scripting vulnerability in the Rockwell FactoryTalk DataMosaix.
Rockwell Advisory #2 - This advisory describes a double free vulnerability in the Rockwell Flex 5000 Adapter.
Rockwell Advisory #3 - This advisory describes three vulnerabilities in multiple Rockwell product lines.
Rockwell Advisory #4 - This advisory describes an improper validation of integrity check value vulnerability in the Rockwell 1756-EN2, 1756-EN3, and 1756-ENBT products.
Rockwell Advisory #5 - This advisory describes four vulnerabilities in the Rockwell Arena product.
SALTO Advisory - This advisory describes an authorization bypass through user-controlled key vulnerability in the SALTO ProAccess Space product.
Siemens Advisory - This advisory describes four vulnerabilities in the Siemens SICAM 8 product line.
AutomationDirect Advisory - This advisory describes six vulnerabilities in the AutomationDirect Productivity Suite.
NASA Advisory This advisory describes a NULL pointer dereference vulnerability in the NASA Core Flight System (cFS) Health & Safety (HS) Application.
For more information on these advisories, as well as a listing of eight other Siemens advisories published this week, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/9-advisories-published-7-16-23 - subscription required.
No comments:
Post a Comment