Serial number: AV24-468
Date: August 19, 2024
Between August 12 and 18, 2024, CISA published ICS advisories to address vulnerabilities in the following products:
- AVEVA Historian Web Server – versions 2023 to 2023 P03, versions 2020 to 2020 R2 SP1 P01 and 2023 R2
- AVEVA Reports for Operations 2023 – version 23.0.17795.1010 and prior
- AVEVA SuiteLink Server – multiple products and versions
- Ocean Data Systems Dream Report 2023 – version 23.0.17795.1010 and prior
- PTC Kepware ThingWorx Kepware Server – multiple products and versions
- Rockwell Automation ControlLogix, GuardLogix, Compact Logix and Compact GuardLogix – multiple models and versions
- Rockwell Automation Micro850/870 – versions prior to v22.01
- Rockwell Automation FactoryTalk View Site Edition – version 13.0
- Rockwell Automation DataMosaix Private Cloud – versions prior to 7.07
- Rockwell Automation Pavilion8 – versions 5.20 and later
- Rockwell Automation AADvance Standalone OPC-DA Server – versions 2.01.510 and later
- Siemens SCALANCE M-800 Family – multiple models and versions prior to V8.1
- Siemens RUGGEDCOM RM1224 – versions prior to V8.1
- Siemens NX – versions prior to V2406.3000
- Siemens COMOS – versions prior to V10.5
- Siemens Location Intelligence – versions prior to V4.4
- Siemens SINEC NMS – versions prior to V3.0
- Siemens LOGO! V8.3 BM Devices – multiple models and versions
- Siemens SINEC NMS – versions prior to V3.0
- Siemens SINEC Traffic Analyzer – versions prior to V2.0
- Siemens Teamcenter Visualization and JT2Go – multiple versions
- Siemens INTRALOG WMS – versions prior to 4.0
The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates if available.
This alert was originated From: Canadian Centre for Cyber Security
https://cyber.gc.ca/en/alerts-advisories/control-systems-cisa-ics-security-advisories-av24-468