Today, CISA’s NCCIC-ICS published seven control system
security advisories for products from Rockwell Automation, Honeywell, and
Siemens (5). They also updated an advisory for products from AVEVA.
two additional advisories on Tuesday that were not addressed here. They also
updated 22 advisories, but NCCIC-ICS is no longer covering updates for Siemens
products. I will be covering all of those this weekend.

Rockwell Advisory – This advisory describes an exposure of sensitive information to an unauthorized actor vulnerability in the Rockwell Modbus TCP Server AOI.

Honeywell Advisory – This advisory describes three vulnerabilities in the Honeywell OneWireless Wireless Device

Mendix Advisory – This advisory describes an incorrect implementation of authentication algorithm vulnerability in the Siemens Mendix SAML Module.

SCALANCE Advisory – This advisory discusses four vulnerabilities in the Siemens SCALANCE W1750D.

RUGGEDCOM Advisory #1 – This advisory describes two missing authorization vulnerabilities in the Siemens RUGGEDCOM

RUGGEDCOM Advisory #2 – This advisory describes two vulnerabilities in the Siemens RUGGEDCOM CROSSBOW.

Third-Party Advisory – This advisory describes 65 vulnerabilities in the Siemens SCALANCE and RUGGEDCOM products.

AVEVA Update – This provides additional information on an advisory that was originally published on December 8th, 2022.

For more details about these advisories, see my article at
CFSN Detailed Analysis – https://patrickcoyle.substack.com/p/review-7-advisories-and-1-update
– subscription required.
Author of this post: PJCoyle