Today, CISA’s NCCIC-ICS published seven control system security
advisories for products from Siemens (3), Rockwell Automation, VISAM, Delta Electronics,
Keysight Technologies, and Hitachi Energy.

Advisories

SCALANCE Advisory – This advisory discusses 17 vulnerabilities in the
Siemens SCALANCE W-700 product line.

RADIUS Advisory – This advisory discusses an infinite loop vulnerability
in the Siemens RADIUS client of SIPROTEC 5 devices.

RUGGEDCOM Advisory – This advisory discusses seven TOCTOU race condition
vulnerabilities in the Siemens RUGGEDCOM APE1808 Product Family.

Rockwell Advisory – This advisory describes three vulnerabilities in the
Rockwell ThinManager ThinServer.

VISAM Advisory – This advisory describes seven improper restriction of
XML entity reference vulnerabilities in the VISAM VBASE Automation Base.

Delta Advisory – This advisory describes 13 vulnerabilities in the Delta
InfraSuite Device Master.

Keysight Advisory – This advisory describes a deserialization of
untrusted data vulnerability in the Keysight N6854A Geolocation Server.

Updates

Hitachi Energy Update – This update provides additional information on an
advisory that was originally published on December 9th, 2021.

 

For more details about these advisories, including links to
3rd party advisories and exploits, as well as a brief summary of
changes made in the update, see my article at CFSN Detailed Analysis – https://patrickcoyle.substack.com/p/7-advisories-and-1-update-published-541
– subscription required.

Author Of this post: PJCoyle
