The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases Nineteen Industrial Control Systems Advisories
Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
- Siemens SIMATIC CP products
- Siemens SCALANCE W1750D
- Siemens SICAM A8000 Devices
- Siemens Xpedition Layout Browser
- Siemens Simcenter Amesim
- Siemens SICAM PAS/PQS
- Siemens RUGGEDCOM APE1808
- Siemens SINEC NMS
- Siemens CPCI85 Firmware of SICAM A8000 Devices
- Siemens Tecnomatix Plant Simulation
- Siemens Mendix Forgot Password Module
- Weintek cMT3000 HMI Web CGI
- Mitsubishi Electric MELSEC-F Series
- Hikvision Access Control and Intercom Products
- Advantech WebAccess – Used in Energy and Water and Wastewater Systems Sector
- Schneider Electric IGSS – Used in Energy Sector
- Santesoft Sante DICOM Viewer Pro
- Santesoft Sante FFT Imaging
- PTC Kepware KepServerEX (Update A)
Alerts, Updates, and Bulletins:
- Fortinet Releases Security Updates for Multiple Products
- FBI and CISA Release Update on AvosLocker Advisory
- Microsoft Releases October 2023 Security Updates
- Citrix Releases Security Updates for Multiple Products
- HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487
- CISA Adds Five Known Vulnerabilities to Catalog