Serial number: AV24-468
Date: August 19, 2024
Between August 12 and 18, 2024, CISA published ICS advisories to address vulnerabilities in the following products:
- AVEVA Historian Web Server – versions 2023 to 2023 P03, versions 2020 to 2020 R2 SP1 P01 and 2023 R2
- AVEVA Reports for Operations 2023 – version 23.0.17795.1010 and prior
- AVEVA SuiteLink Server – multiple products and versions
- Ocean Data Systems Dream Report 2023 – version 23.0.17795.1010 and prior
- PTC Kepware ThingWorx Kepware Server – multiple products and versions
- Rockwell Automation ControlLogix, GuardLogix, Compact Logix and Compact GuardLogix – multiple models and versions
- Rockwell Automation Micro850/870 – versions prior to v22.01
- Rockwell Automation FactoryTalk View Site Edition – version 13.0
- Rockwell Automation DataMosaix Private Cloud – versions prior to 7.07
- Rockwell Automation Pavilion8 – versions 5.20 and later
- Rockwell Automation AADvance Standalone OPC-DA Server – versions 2.01.510 and later
- Siemens SCALANCE M-800 Family – multiple models and versions prior to V8.1
- Siemens RUGGEDCOM RM1224 – versions prior to V8.1
- Siemens NX – versions prior to V2406.3000
- Siemens COMOS – versions prior to V10.5
- Siemens Location Intelligence – versions prior to V4.4
- Siemens SINEC NMS – versions prior to V3.0
- Siemens LOGO! V8.3 BM Devices – multiple models and versions
- Siemens SINEC NMS – versions prior to V3.0
- Siemens SINEC Traffic Analyzer – versions prior to V2.0
- Siemens Teamcenter Visualization and JT2Go – multiple versions
- Siemens INTRALOG WMS – versions prior to 4.0
The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates if available.