The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
October 24: CISA Releases One Industrial Control Systems Advisory
October 19: CISA Releases One Industrial Control Systems Advisory
Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
- Rockwell Automation Stratix 5800 and Stratix 5200
- Hitachi Energy’s RTU500 Series Product (Update B) – Used in Energy Sector
Alerts, Updates, and Bulletins:
- October 23: CISA Adds One Known Exploited Vulnerability to Catalog
- October 23: CISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities
- October 20: CISA Releases Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities
- CISA Releases Fact Sheet on Effort to Revise the National Cyber Incident Response Plan (NCIRP)
- Oracle Releases October 2023 Critical Patch Update Advisory
- October 19: CISA Adds Two Known Exploited Vulnerabilities to Catalog
- CISA, NSA, FBI, and MS-ISAC Release Update to #StopRansomware Guide
- CISA, NSA, FBI, and MS-ISAC Release Phishing Prevention Guidance
