Serial number: AV25-068
Date: February 10, 2025
Between February 3 and 9, 2025, CISA published ICS advisories to address vulnerabilities in the following products:
- ABB Drive Composer entry – version 2.9.0.1 and prior
- ABB Drive Composer pro – version 2.9.0.1 and prior
- AutomationDirect C-more EA9 HMI – versions v6.79 and prior for multiple models
- Elber Communications Cleber/3 Broadcast Multi-Purpose Platform – version 1.0
- Elber Communications ESE DVB-S/S2 Satellite Receiver – versions 1.5.179 and prior
- Elber Communications Reble610 M/ODU XPIC IP-ASI-SDH – version 0.01
- Elber Communications Signum DVB-S/S2 IRD – versions 1.999 and prior
- Elber Communications Wayber Analog/Digital Audio STL – version 4
- MicroDicom DICOM Viewer – version 2024.03
- Orthanc server – versions prior to 1.5.8
- Rockwell Automation 1756-L3zS3 – versions prior to V33.017, V34.014, V35.013 and V36.011
- Rockwell Automation 1756-L8zS3 – versions prior to V33.017, V34.014, V35.013 and V36.011
- Schneider Electric EcoStruxure Power Monitoring Expert (PME) – versions 2022 and prior
- Schneider Electric BMENOR2200H – all versions
- Schneider Electric BMXNOE0100 – all versions
- Schneider Electric BMXNOE0110 – all versions
- Schneider Electric BMXNOR0200H – versions prior to SV1.70IR26
- Schneider Electric EVLink Pro AC – versions prior to v1.3.10
- Schneider Electric EcoStruxure Architecture Builder – versions prior to V7.0.18
- Schneider Electric EcoStruxure Control Expert Asset Link – versions prior to V4.0 SP1
- Schneider Electric EcoStruxure Control Expert – versions prior to V16.1
- Schneider Electric EcoStruxure Machine Expert Twin – all versions
- Schneider Electric EcoStruxure Machine Expert including EcoStruxure Machine Expert Safety – all versions
- Schneider Electric EcoStruxure Machine SCADA Expert Asset Link – all versions
- Schneider Electric EcoStruxure OPC UA Server Expert – all versions
- Schneider Electric EcoStruxure Operator Terminal Expert – all versions
- Schneider Electric Modicon M340 processors (part numbers BMXP34*) – all versions
- Schneider Electric Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety) – versions prior to SV4.30
- Schneider Electric Modicon M580 CPU Safety (part numbers BMEP58-S and BMEH58-S) – versions prior to SV4.21
- Schneider Electric Pro-face GP-Pro EX – all versions
- Schneider Electric Pro-face Remote HMI – all versions
- Schneider Electric Vijeo Designer – version prior to V6.3SP1 HF1
- Schneider Electric Web Designer for BMENOC0311(C) – all versions
- Schneider Electric Web Designer for BMENOC0321(C) – all versions
- Schneider Electric Web Designer for BMXNOE0110(H) – all versions
- Schneider Electric Web Designer for BMXNOR0200H – all versions
- Schneider Electric Zelio Soft 2 – all versions
- Schneider ElectricEcoStruxure Process Expert – all versions
- Trimble Cityworks with office companion – versions prior to 23.10
- Trimble Cityworks – versions prior to 15.8.9
- Western Telematic Console Server (DSM Series) – firmware version 6.62 and prior
- Western Telematic Console Server + PDU Combo Unit (CPM Series) – firmware version 6.62 and prior
- Western Telematic Network Power Switch (NPS Series) – firmware version 6.62 and prior
The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.