Serial number: AV24-687
Date: December 2, 2024
Between November 25 and December 1, 2024, CISA published ICS advisories to address vulnerabilities in the following products:
- Hitachi Energy MicroSCADA Pro/X SYS600 – multiple versions
- Hitachi Energy RTU500 Scripting Interface – all versions
- Schneider Electric EcoStruxure Control Expert – versions prior to v16.0
- Schneider Electric EcoStruxure Process Expert – versions prior to v2023
- Schneider Electric Modicon M340 CPU (part numbers BMXP34*) – versions prior to sv3.60
- Schneider Electric Modicon M580 CPU (part numbers BMEP* and BMEH* excluding M580 CPU Safety) – versions prior to SV4.20
- Schneider Electric Modicon M580 CPU Safety – versions prior to SV4.21
- Schneider Electric Modicon MC80 (part numbers BMKC80) – all versions
- Schneider Electric Modicon Momentum Unity M1E Processor (171CBU*) – all versions
- Schneider Electric PowerLogic P5 – versions 01.500.104 and prior
- SchneiderPowerLogic PM5560 – versions prior to v2.7.8
- SchneiderPowerLogic PM5561 – versions prior to v10.7.3
- SchneiderPowerLogic PM5562 – versions prior to v2.5.4
- SchneiderPowerLogic PM5563 – versions prior to v2.7.8
- Schneider PowerLogic PM8ECC – all versions
The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.