ICS Patch Tuesday: Security Advisories Released by Siemens, Schneider, CISA, Others

December 11, 2024 at 06:34AM

The December 2024 ICS Patch Tuesday featured advisories from CISA and several industrial companies, notably Schneider Electric and Siemens. Significant vulnerabilities were reported, including critical flaws in Modicon controllers and high-severity issues in various products, prompting numerous patches and mitigations for affected systems. Rockwell Automation and Phoenix Contact also released advisories.

### Key Takeaways from the December 2024 ICS Patch Tuesday

1. **Advisories Overview**: December 2024 Patch Tuesday features advisories from CISA and key industrial automation firms, predominantly Schneider Electric and Siemens.

2. **Schneider Electric**:
   - **Critical Flaw in Modicon Controllers**: An unauthenticated attacker could disrupt operations.
   - **High-Severity Issue in Harmony and Pro-face HMI Products**: Malicious code installation by an authenticated user could grant complete control of the device.
   - **Medium-Severity DoS Bug in PowerChute Serial Shutdown Software**.

3. **Siemens**: Released **10 Advisories** with the following highlights:
   - **High-Severity CSRF Issue**: Affects Ruggedcom ROX II devices; could allow actions on behalf of an authenticated user via a malicious link.
   - **High-Severity Code Execution Vulnerabilities**: Found in Simatic S7 products using TIA Portal prior to version 20.
   - Multiple high-severity code execution issues exist in Teamcenter Visualization, Solid Edge, Parasolid, and Simcenter Femap, triggered by specially crafted files.
   - **Medium-Severity Issues**: Addressed in Sentron Powercenter, Sicam A8000, and Comos products.
   - Patches are available for some vulnerabilities, while others have pending or no patches. Mitigations and workarounds are provided.

4. **Rockwell Automation**:
   - Published an advisory shortly before Patch Tuesday concerning **four high-severity vulnerabilities** in Arena event simulation software, exploitable for arbitrary code execution via specially crafted files.

5. **CISA**:
   - Released **seven new ICS advisories**, which include vulnerabilities from Schneider Electric and Rockwell Automation. Additionally, vulnerabilities in Horner Automation Cscape and National Instruments' LabVIEW were highlighted, alongside a critical default credentials flaw in MOBATIME's Network Master Clock.

6. **Phoenix Contact**:
   - Announced two advisories related to vulnerabilities in PLCnext firmware, detailing security gaps found over the last two years in third-party software.

### Related News

- **Chipmaker Patch Tuesday**: Intel published 44 advisories, while AMD published 8.

This summary covers the key points of the recent cybersecurity vulnerabilities and advisories that matter to stakeholders operating the affected systems.
