Review – 7 Advisories and 1 Update Published – 3-21-23

Today, CISA’s NCCIC-ICS published seven control system security
advisories for products from Siemens (3), Rockwell Automation, VISAM, Delta Electronics,
Keysight Technologies, and Hitachi Energy.

Advisories

SCALANCE Advisory –
This advisory
discusses 17 vulnerabilities in the Siemens SCALANCE W-700 product line.

RADIUS Advisory –
This advisory
discusses an infinite loop vulnerability in the Siemens RADIUS client of
SIPROTEC 5 devices.

RUGGEDCOM Advisory –
This advisory
discusses seven TOCTOU race condition vulnerabilities in the Siemens RUGGEDCOM
APE1808 Product Family.

Rockwell Advisory –
This advisory
describes three vulnerabilities in the Rockwell ThinManager ThinServer.

VISAM Advisory – This
advisory
describes seven improper restriction of XML entity reference vulnerabilities in
the VISAM VBASE Automation Base. 

Delta Advisory – This
advisory
describes 13 vulnerabilities in the Delta InfraSuite Device Master.

Keysight Advisory –
This advisory
describes a deserialization of untrusted data vulnerability in the Keysight N6854A
Geolocation Sever.

Updates

Hitachi Energy Update
– This update
provides additional information on an advisory that was originally published on
December 9^th, 2021.

For more details about these advisories, including links to
3^rd party advisories and exploits, as well as a brief summary of
changes made in the update, see my article at CFSN Detailed Analysis – https://patrickcoyle.substack.com/p/7-advisories-and-1-update-published-541
– subscription required.