[Control systems] CISA ICS security advisories (AV24–665)

From: Canadian Centre for Cyber Security

Serial number: AV24-665
Date: November 18, 2024

Between November 11 and November 17, 2024, CISA published ICS advisories to address vulnerabilities in the following products:

  • 2N Access Commander – versions 3.1.1.2 and prior
  • Baxter Life2000 Ventilation System – version 06.08.00.00 and prior
  • Hitachi Energy MSM – versions 2.2.8 and prior
  • Hitachi Energy TRO600 series firmware – versions 9.0.1.0 – 9.2.0.0
  • Hitachi Energy TRO600 series firmware – versions 9.1.0.0 – 9.2.0.0
  • Rockwell Automation Arena Input Analyzer – version v16.20.03 and prior
  • Rockwell Automation FactoryTalk Updater - Web Client – versions 4.00.00
  • Rockwell Automation FactoryTalk Updater - Client – all versions
  • Rockwell Automation FactoryTalk Updater - Agent – all versions
  • Rockwell Automation FactoryTalk View ME – version v14.0 and prior
  • Rockwell Automation Verve Asset Manager – versions 1.39 and prior
  • Siemens SCALANCE M-800 Family – versions prior to V8.2
  • Siemens SIMATIC S7-PLCSIM V16 & V17 – all versions
  • Siemens SIMATIC STEP 7 and WinCC family – multiple versions
  • Siemens SIMOCODE ES V16, V18 and V18 – multiple versions
  • Siemens SIMOTION SCOUT TIA V5.4 SP1, SP3 and V5.5 SP1 – all versions
  • Siemens SINAMICS Startdrive V16, V17 and V18 – all versions
  • Siemens SIRIUS Safety ES V17 and V18 – multiple versions
  • Siemens SIRIUS Soft Starter ES V17 and V18 – multiple versions
  • Siemens Mendix Runtime – multiple versions
  • Siemens OZW672 – versions prior to V5.2
  • Siemens OZW772 – versions prior to V5.2
  • Siemens RUGGEDCOM CROSSBOW (SAC) – versions prior to 5.6
  • Siemens SIMATIC CP1543-1 – version V4.0 (6GK7543-1AX10-0XE0)
  • Siemens SINEC INS – versions prior to V1.0 SP2 Update 3
  • Siemens SINEC NMS – versions prior to V3.0 SP1
  • Siemens SIPORT – versions prior to V3.4.0
  • Siemens Solid Edge SE2024 – versions prior to V224.0 Update 9
  • Siemens Spectrum Power 7 – all versions prior to V24Q3
  • Siemens TeleControl Server Basic V3.1 – versions prior to V3.1.2.1
  • Siemens TIA Portal Cloud V16, V17 and V18 – multiple versions
  • Subnet Solutions PowerSYSTEM Center PSC 2020 – versions v5.22.x and prior

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.

Date modified: