Serial number: AV24-523
Date: September 16, 2024
Between September 9 and 15, 2024, CISA published ICS advisories to address vulnerabilities in the following products:
- AutomationDirect DirectLogic H2-DM1E – version 2.8.0 and prior
- BPL Medical Technologies Be Well Android Application – version 3.64 and prior
- BPL Medical Technologies PWS-01-BT – all versions
- iniNet Solutions GmbH SpiderControl SCADA Web Server – version v2.09 and prior
- Rockwell Automation 5015-U8IHFT – version 1.012 and prior
- Rockwell Automation 1756-EN4 – version 2.001
- Rockwell Automation AADvance Trusted SIS Workstation – version 2.00.01 and prior
- Rockwell Automation CompactLogix 5380 – version v.32.011
- Rockwell Automation CompactLogix 5380 Process – version v.33.011
- Rockwell Automation Compact GuardLogix 5380 SIL 2 – version v.32.013
- Rockwell Automation Compact GuardLogix 5380 SIL 3 – version v.32.011
- Rockwell Automation CompactLogix 5480 – version v.32.011
- Rockwell Automation ControlLogix 5580 – version v.32.011
- Rockwell Automation ControlLogix 5580 Process – version v.33.011
- Rockwell Automation GuardLogix 5580 – version v.32.011
- Rockwell Automation Embedded Edge Compute Module – version 4.0.0.347
- Rockwell Automation FactoryTalk Batch View – version 2.01.00 and prior
- Rockwell Automation FactoryTalk View Site Edition – versions V12.0, V13.0 and V14.0
- Rockwell Automation 2800C OptixPanel Compact – version 4.0.0.325
- Rockwell Automation 2800S OptixPanel Standard – version 4.0.0.350
- Rockwell Automation Pavilion8 – versions prior to V5.20
- Rockwell Automation SequenceManager – versions prior to 2.0
- Rockwell Automation ThinManager – multiple versions
- Siemens AI Model Deployer – versions prior to V1.1
- Siemens Automation License Manager V5 – All versions
- Siemens Automation License Manager V6.0 – all versions
- Siemens Automation License Manager V6.2 – versions prior to V6.2 Upd3
- Siemens Data Flow Monitoring Industrial Edge Device User Interface (DFM IED UI) – versions prior to V0.0.6
- Siemens Industrial Edge Management OS (IEM-OS) – all versions
- Siemens Industrial Edge Management Pro – versions prior to V1.9.5
- Siemens Industrial Edge Management Virtual – versions prior to V2.3.1-1
- Siemens LiveTwin Industrial Edge app (6AV2170-0BL00-0AA0) – versions prior to V2.4
- Siemens Mendix Runtime V8 – multiple versions
- Siemens Mendix Runtime V9 – multiple versions
- Siemens Mendix Runtime V10 – multiple versions
- Siemens Mendix Runtime V10.6 – multiple versions
- Siemens Mendix Runtime V10.12 – multiple versions
- Siemens Plant Simulation V2302 – versions prior to V2302.0015
- Siemens Plant Simulation V2404 – versions prior to V2404.0004
- Siemens SCALANCE W700 – multiple products and versions
- Siemens SICAM A8000 Device Firmware ETI5 Ethernet Int. 1x100TX IEC61850 – versions prior to V05.30
- Siemens SICAM EGS Device Firmware ETI5 – versions prior to V05.30
- Siemens SICAM 8 Software Solution ETI5 – versions prior to V05.30
- Siemens SICAM SCC – versions prior to V10.0
- Siemens SIMATIC BATCH V9.1 – all versions
- Siemens SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) – versions prior to V3.5.20
- Siemens SIMATIC CP 1243-1 (incl. SIPLUS variants) – versions prior to V3.5.20
- Siemens SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) – versions prior to V3.5.20
- Siemens SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) – versions prior to V3.5.20
- Siemens SIMATIC CP 1243-7 LTE – versions prior to V3.5.20
- Siemens SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) – versions prior to V3.5.20
- Siemens SIMATIC HMI Comfort Panels (incl. SIPLUS variants) – all versions
- Siemens SIMATIC IPC DiagBase – all versions
- Siemens SIMATIC IPC DiagMonitor – all versions
- Siemens SIMATIC Information Server 2020 – all versions
- Siemens SIMATIC Information Server 2022 – all versions
- Siemens SIMATIC Information Server 2024 – all versions
- Siemens SIMATIC PCS 7 V9.1 – all versions
- Siemens SIMATIC PCS neo V4.0 – all versions
- Siemens SIMATIC PCS neo V4.1 – versions prior to V4.1 Update 2
- Siemens SIMATIC PCS neo V5.0 – all versions
- Siemens SIMATIC Process Historian 2020 – all versions
- Siemens SIMATIC Process Historian 2022 – all versions
- Siemens SIMATIC RFID Readers – multiple products and versions
- Siemens SIMATIC WinCC Runtime Professional V17 – all versions
- Siemens SIMATIC WinCC Runtime Professional V18 – all versions
- Siemens SIMATIC WinCC Runtime Professional V19 – all versions
- Siemens SIMATIC WinCC Runtime Professional V20 – all versions
- Siemens SIMATIC WinCC V7.4 – all versions
- Siemens SIMATIC WinCC V7.5 – all versions
- Siemens SIMATIC WinCC V8.0 – all versions
- Siemens SIMATIC WinCC Runtime Advanced – all versions
- Siemens SINEC NMS – all versions
- Siemens SINEMA Remote Connect Client – versions prior to V3.2 SP2
- Siemens SINEMA Remote Connect Server – versions prior to V3.2 SP2
- Siemens SINUMERIK 828D V4 – multiple versions
- Siemens SINUMERIK 828D V5 – versions prior to V5.24
- Siemens SINUMERIK 840D sl V4 – multiple versions
- Siemens SINUMERIK ONE – multiple versions
- Siemens SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) – versions prior to V2.4.8
- Siemens SITIPE AT – all versions
- Siemens TIA Administrator – versions prior to V3.0 SP3
- Siemens TIM 1531 IRC (6GK7543-1MX00-0XE0) – versions prior to V2.4.8
- Siemens Totally Integrated Automation Portal (TIA Portal) V16 – all versions
- Siemens Totally Integrated Automation Portal (TIA Portal) V17 – versions prior to V17 Update 8
- Siemens Totally Integrated Automation Portal (TIA Portal) V18 – all versions
- Siemens Totally Integrated Automation Portal (TIA Portal) V19 – all versions
- Viessmann Climate Solutions SE Viessmann Vitogate 300 – version 2.1.3.0 and prior
The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates.
This alert was originated From: Canadian Centre for Cyber Security
https://cyber.gc.ca/en/alerts-advisories/control-systems-cisa-ics-security-advisories-av24-523