[Control systems] CISA ICS security advisories (AV24-468)

Serial number: AV24-468
Date: August 19, 2024

Between August 12 and 18, 2024, CISA published ICS advisories to address vulnerabilities in the following products:

• AVEVA Historian Web Server – versions 2023 to 2023 P03, versions 2020 to 2020 R2 SP1 P01 and 2023 R2
• AVEVA Reports for Operations 2023 – version 23.0.17795.1010 and prior
• AVEVA SuiteLink Server – multiple products and versions
• Ocean Data Systems Dream Report 2023 – version 23.0.17795.1010 and prior
• PTC Kepware ThingWorx Kepware Server – multiple products and versions
• Rockwell Automation ControlLogix, GuardLogix, Compact Logix and Compact GuardLogix – multiple models and versions
• Rockwell Automation Micro850/870 – versions prior to v22.01
• Rockwell Automation FactoryTalk View Site Edition – version 13.0
• Rockwell Automation DataMosaix Private Cloud – versions prior to 7.07
• Rockwell Automation Pavilion8 – versions 5.20 and later
• Rockwell Automation AADvance Standalone OPC-DA Server – versions 2.01.510 and later
• Siemens SCALANCE M-800 Family – multiple models and versions prior to V8.1
• Siemens RUGGEDCOM RM1224 – versions prior to V8.1
• Siemens NX – versions prior to V2406.3000
• Siemens COMOS – versions prior to V10.5
• Siemens Location Intelligence – versions prior to V4.4
• Siemens SINEC NMS – versions prior to V3.0
• Siemens LOGO! V8.3 BM Devices – multiple models and versions
• Siemens SINEC NMS – versions prior to V3.0
• Siemens SINEC Traffic Analyzer – versions prior to V2.0
• Siemens Teamcenter Visualization and JT2Go – multiple versions
• Siemens INTRALOG WMS – versions prior to 4.0

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates if available.