[Control systems] CISA ICS security advisories (AV24-523)

Serial number: AV24-523
Date: September 16, 2024

Between September 9 and 15, 2024, CISA published ICS advisories to address vulnerabilities in the following products:

• AutomationDirect DirectLogic H2-DM1E - version 2.8.0 and prior
• BPL Medical Technologies Be Well Android Application - version 3.64 and prior
• BPL Medical Technologies PWS-01-BT - all versions
• iniNet Solutions GmbH SpiderControl SCADA Web Server - version v2.09 and prior
• Rockwell Automation 5015-U8IHFT - version 1.012 and prior
• Rockwell Automation 1756-EN4 - version 2.001
• Rockwell Automation AADvance Trusted SIS Workstation - version 2.00.01 and prior
• Rockwell Automation CompactLogix 5380 - version v.32.011
• Rockwell Automation CompactLogix 5380 Process - version v.33.011
• Rockwell Automation Compact GuardLogix 5380 SIL 2 - version v.32.013
• Rockwell Automation Compact GuardLogix 5380 SIL 3 - version v.32.011
• Rockwell Automation CompactLogix 5480 - version v.32.011
• Rockwell Automation ControlLogix 5580 - version v.32.011
• Rockwell Automation ControlLogix 5580 Process - version v.33.011
• Rockwell Automation GuardLogix 5580 - version v.32.011
• Rockwell Automation Embedded Edge Compute Module - version 4.0.0.347
• Rockwell Automation FactoryTalk Batch View - version 2.01.00 and prior
• Rockwell Automation FactoryTalk View Site Edition - versions V12.0, V13.0 and V14.0
• Rockwell Automation 2800C OptixPanel Compact - version 4.0.0.325
• Rockwell Automation 2800S OptixPanel Standard - version 4.0.0.350
• Rockwell Automation Pavilion8 - versions prior to V5.20
• Rockwell Automation SequenceManager - versions prior to 2.0
• Rockwell Automation ThinManager - multiple versions
• Siemens AI Model Deployer - versions prior to V1.1
• Siemens Automation License Manager V5 – All versions
• Siemens Automation License Manager V6.0 – all versions
• Siemens Automation License Manager V6.2 - versions prior to V6.2 Upd3
• Siemens Data Flow Monitoring Industrial Edge Device User Interface (DFM IED UI) - versions prior to V0.0.6
• Siemens Industrial Edge Management OS (IEM-OS) - all versions
• Siemens Industrial Edge Management Pro - versions prior to V1.9.5
• Siemens Industrial Edge Management Virtual - versions prior to V2.3.1-1
• Siemens LiveTwin Industrial Edge app (6AV2170-0BL00-0AA0) - versions prior to V2.4
• Siemens Mendix Runtime V8 - multiple versions
• Siemens Mendix Runtime V9 - multiple versions
• Siemens Mendix Runtime V10 - multiple versions
• Siemens Mendix Runtime V10.6 - multiple versions
• Siemens Mendix Runtime V10.12 - multiple versions
• Siemens Plant Simulation V2302 - versions prior to V2302.0015
• Siemens Plant Simulation V2404 - versions prior to V2404.0004
• Siemens SCALANCE W700 – multiple products and versions
• Siemens SICAM A8000 Device Firmware ETI5 Ethernet Int. 1x100TX IEC61850 - versions prior to V05.30
• Siemens SICAM EGS Device Firmware ETI5 - versions prior to V05.30
• Siemens SICAM 8 Software Solution ETI5 - versions prior to V05.30
• Siemens SICAM SCC - versions prior to V10.0
• Siemens SIMATIC BATCH V9.1 - all versions
• Siemens SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) - versions prior to V3.5.20
• Siemens SIMATIC CP 1243-1 (incl. SIPLUS variants) - versions prior to V3.5.20
• Siemens SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) - versions prior to V3.5.20
• Siemens SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) - versions prior to V3.5.20
• Siemens SIMATIC CP 1243-7 LTE - versions prior to V3.5.20
• Siemens SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) - versions prior to V3.5.20
• Siemens SIMATIC HMI Comfort Panels (incl. SIPLUS variants) - all versions
• Siemens SIMATIC IPC DiagBase - all versions
• Siemens SIMATIC IPC DiagMonitor - all versions
• Siemens SIMATIC Information Server 2020 - all versions
• Siemens SIMATIC Information Server 2022 - all versions
• Siemens SIMATIC Information Server 2024 - all versions
• Siemens SIMATIC PCS 7 V9.1 - all versions
• Siemens SIMATIC PCS neo V4.0 - all versions
• Siemens SIMATIC PCS neo V4.1 - versions prior to V4.1 Update 2
• Siemens SIMATIC PCS neo V5.0 - all versions
• Siemens SIMATIC Process Historian 2020 - all versions
• Siemens SIMATIC Process Historian 2022 - all versions
• Siemens SIMATIC RFID Readers - multiple products and versions
• Siemens SIMATIC WinCC Runtime Professional V17 - all versions
• Siemens SIMATIC WinCC Runtime Professional V18 - all versions
• Siemens SIMATIC WinCC Runtime Professional V19 - all versions
• Siemens SIMATIC WinCC Runtime Professional V20 - all versions
• Siemens SIMATIC WinCC V7.4 - all versions
• Siemens SIMATIC WinCC V7.5 - all versions
• Siemens SIMATIC WinCC V8.0 - all versions
• Siemens SIMATIC WinCC Runtime Advanced - all versions
• Siemens SINEC NMS - all versions
• Siemens SINEMA Remote Connect Client - versions prior to V3.2 SP2
• Siemens SINEMA Remote Connect Server - versions prior to V3.2 SP2
• Siemens SINUMERIK 828D V4 - multiple versions
• Siemens SINUMERIK 828D V5 - versions prior to V5.24
• Siemens SINUMERIK 840D sl V4 - multiple versions
• Siemens SINUMERIK ONE - multiple versions
• Siemens SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) - versions prior to V2.4.8
• Siemens SITIPE AT - all versions
• Siemens TIA Administrator - versions prior to V3.0 SP3
• Siemens TIM 1531 IRC (6GK7543-1MX00-0XE0) - versions prior to V2.4.8
• Siemens Totally Integrated Automation Portal (TIA Portal) V16 - all versions
• Siemens Totally Integrated Automation Portal (TIA Portal) V17 - versions prior to V17 Update 8
• Siemens Totally Integrated Automation Portal (TIA Portal) V18 - all versions
• Siemens Totally Integrated Automation Portal (TIA Portal) V19 - all versions
• Viessmann Climate Solutions SE Viessmann Vitogate 300 - version 2.1.3.0 and prior

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates.

• CISA ICS Advisories