ICS Patch Tuesday: Advisories Released by Siemens, Schneider, Rockwell, Aveva

August 14, 2024 at 04:51AM

Siemens, Schneider Electric, Rockwell Automation, Aveva, and the US cybersecurity agency CISA published ICS security advisories. Siemens published 9 advisories covering around 50 vulnerabilities, including critical and high-severity flaws in SINEC NMS. Schneider Electric addressed vulnerabilities in EcoStruxure and Accutech Manager. Aveva published 3 high-severity advisories, while Rockwell Automation addressed 10 vulnerabilities. CISA issued 10 ICS advisories.

The meeting notes detail the publication of industrial control system (ICS) security advisories by several companies and the US cybersecurity agency CISA. Siemens, Schneider Electric, Rockwell Automation, Aveva, and CISA have all released advisories addressing various vulnerabilities in their products.

Siemens has released nine new advisories covering approximately 50 vulnerabilities, including critical and high-severity flaws in the SINEC Network Management System (NMS) product. The vulnerabilities impact third-party components and include the CVE-2023-44487 vulnerability, which was exploited in the wild for HTTP/2 Rapid Reset DDoS attacks. Siemens has also patched high-severity vulnerabilities in several other products, addressing remote code execution, denial of service, and information disclosure issues.

Schneider Electric has published two advisories, one addressing a vulnerability in EcoStruxure Machine SCADA Expert and Blue Open Studio, and the other describing a high-severity DoS vulnerability affecting the Accutech Manager software.

Aveva has published three advisories, all with a severity rating of ‘high’, addressing vulnerabilities in SuiteLink Server, Aveva Reports for Operations, and Historian Server.

Rockwell Automation has released nine advisories covering 10 vulnerabilities, including arbitrary code execution flaws in AADvance and FactoryTalk products, as well as DoS flaws in various controllers. CISA has also published 10 ICS advisories, many of which cover the vulnerabilities disclosed by Rockwell Automation and Aveva.

The meeting notes provide a comprehensive overview of the recent ICS security advisories released by these companies, highlighting the critical vulnerabilities addressed and emphasizing the importance of promptly addressing these issues to secure industrial control systems.
