Today, CISA’s NCCIC-ICS published seven control system security
advisories for products from Siemens (3), Rockwell Automation, VISAM, Delta Electronics,
Keysight Technologies, and Hitachi Energy.

SCALANCE Advisory – This advisory discusses 17 vulnerabilities in the Siemens SCALANCE W-700 product line.

RADIUS Advisory – This advisory discusses an infinite loop vulnerability in the Siemens RADIUS client of SIPROTEC 5 devices.

RUGGEDCOM Advisory – This advisory discusses seven TOCTOU race condition vulnerabilities in the Siemens RUGGEDCOM APE1808 Product Family.

Rockwell Advisory – This advisory describes three vulnerabilities in the Rockwell ThinManager ThinServer.

VISAM Advisory – This advisory describes seven improper restriction of XML entity reference vulnerabilities in the VISAM VBASE Automation Base.

Delta Advisory – This advisory describes 13 vulnerabilities in the Delta InfraSuite Device Master.

Keysight Advisory – This advisory describes a deserialization of untrusted data vulnerability in the Keysight N6854A

Hitachi Energy Update – This update provides additional information on an advisory that was originally published on December 9th, 2021.

For more details about these advisories, including links to third-party advisories and exploits, as well as a brief summary of changes made in the update, see my article at CFSN Detailed Analysis – https://patrickcoyle.substack.com/p/7-advisories-and-1-update-published-541 – subscription required.
Author of this post: PJCoyle