Serial number: AV24-728
Date: December 23, 2024
Between December 16 and 22, 2024, CISA published ICS advisories to address vulnerabilities in the following products:
- BD Diagnostic Solutions BACTEC Blood Culture System – all versions
- BD Diagnostic Solutions COR System – all versions
- BD Diagnostic Solutions EpiCenter Microbiology Data Management System – all versions
- BD Diagnostic Solutions MAX System – all versions
- BD Diagnostic Solutions Phoenix M50 Automated Microbiology System – all versions
- BD Diagnostic – all versions
- Delta Electronics DTM Soft – versions 1.30 and prior
- Hitachi Energy RTU400 series CMU Firmware – multiple versions
- Hitachi Energy SDM600 – versions prior to 1.3.4
- Hitachi Energy TropOS devices series 1400/2400/6400 – versions prior to 8.9.6
- Ossur Mobile Logic Application – versions prior to 1.5.5
- Rockwell Automation PowerMonitor 1000 Remove – multiple models, versions prior to 4.020
- Schneider Electric Accutech Manager – versions 2.08.01 and prior
- Schneider Electric Modicon Controllers M241 – versions prior to 5.2.11.24
- Schneider Electric Modicon Controllers M251 – versions prior to 5.2.11.24
- Schneider Electric Modicon Controllers M258 – all versions
- Schneider Electric Modicon Controllers M262 – versions prior to 5.2.8.26
- Schneider Electric Modicon Controllers LMC058 – all versions
- Siemens User Management Component – multiple applications and versions
- ThreatQuotient ThreatQ – versions prior to 5.29.3
- Tibbo AggreGate Network Manager – versions 6.34.02 and prior
The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.