[Control systems] CISA ICS security advisories (AV24-523)

Serial number: AV24-523
Date: September 16, 2024

Between September 9 and 15, 2024, CISA published ICS advisories to address vulnerabilities in the following products:

  • AutomationDirect DirectLogic H2-DM1E – version 2.8.0 and prior
  • BPL Medical Technologies Be Well Android Application – version 3.64 and prior
  • BPL Medical Technologies PWS-01-BT – all versions
  • iniNet Solutions GmbH SpiderControl SCADA Web Server – version v2.09 and prior
  • Rockwell Automation 5015-U8IHFT – version 1.012 and prior
  • Rockwell Automation 1756-EN4 – version 2.001
  • Rockwell Automation AADvance Trusted SIS Workstation – version 2.00.01 and prior
  • Rockwell Automation CompactLogix 5380 – version v.32.011
  • Rockwell Automation CompactLogix 5380 Process – version v.33.011
  • Rockwell Automation Compact GuardLogix 5380 SIL 2 – version v.32.013
  • Rockwell Automation Compact GuardLogix 5380 SIL 3 – version v.32.011
  • Rockwell Automation CompactLogix 5480 – version v.32.011
  • Rockwell Automation ControlLogix 5580 – version v.32.011
  • Rockwell Automation ControlLogix 5580 Process – version v.33.011
  • Rockwell Automation GuardLogix 5580 – version v.32.011
  • Rockwell Automation Embedded Edge Compute Module – version 4.0.0.347
  • Rockwell Automation FactoryTalk Batch View – version 2.01.00 and prior
  • Rockwell Automation FactoryTalk View Site Edition – versions V12.0, V13.0 and V14.0
  • Rockwell Automation 2800C OptixPanel Compact – version 4.0.0.325
  • Rockwell Automation 2800S OptixPanel Standard – version 4.0.0.350
  • Rockwell Automation Pavilion8 – versions prior to V5.20
  • Rockwell Automation SequenceManager – versions prior to 2.0
  • Rockwell Automation ThinManager – multiple versions
  • Siemens AI Model Deployer – versions prior to V1.1
  • Siemens Automation License Manager V5 – all versions
  • Siemens Automation License Manager V6.0 – all versions
  • Siemens Automation License Manager V6.2 – versions prior to V6.2 Upd3
  • Siemens Data Flow Monitoring Industrial Edge Device User Interface (DFM IED UI) – versions prior to V0.0.6
  • Siemens Industrial Edge Management OS (IEM-OS) – all versions
  • Siemens Industrial Edge Management Pro – versions prior to V1.9.5
  • Siemens Industrial Edge Management Virtual – versions prior to V2.3.1-1
  • Siemens LiveTwin Industrial Edge app (6AV2170-0BL00-0AA0) – versions prior to V2.4
  • Siemens Mendix Runtime V8 – multiple versions
  • Siemens Mendix Runtime V9 – multiple versions
  • Siemens Mendix Runtime V10 – multiple versions
  • Siemens Mendix Runtime V10.6 – multiple versions
  • Siemens Mendix Runtime V10.12 – multiple versions
  • Siemens Plant Simulation V2302 – versions prior to V2302.0015
  • Siemens Plant Simulation V2404 – versions prior to V2404.0004
  • Siemens SCALANCE W700 – multiple products and versions
  • Siemens SICAM A8000 Device Firmware ETI5 Ethernet Int. 1x100TX IEC61850 – versions prior to V05.30
  • Siemens SICAM EGS Device Firmware ETI5 – versions prior to V05.30
  • Siemens SICAM 8 Software Solution ETI5 – versions prior to V05.30
  • Siemens SICAM SCC – versions prior to V10.0
  • Siemens SIMATIC BATCH V9.1 – all versions
  • Siemens SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) – versions prior to V3.5.20
  • Siemens SIMATIC CP 1243-1 (incl. SIPLUS variants) – versions prior to V3.5.20
  • Siemens SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) – versions prior to V3.5.20
  • Siemens SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) – versions prior to V3.5.20
  • Siemens SIMATIC CP 1243-7 LTE – versions prior to V3.5.20
  • Siemens SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) – versions prior to V3.5.20
  • Siemens SIMATIC HMI Comfort Panels (incl. SIPLUS variants) – all versions
  • Siemens SIMATIC IPC DiagBase – all versions
  • Siemens SIMATIC IPC DiagMonitor – all versions
  • Siemens SIMATIC Information Server 2020 – all versions
  • Siemens SIMATIC Information Server 2022 – all versions
  • Siemens SIMATIC Information Server 2024 – all versions
  • Siemens SIMATIC PCS 7 V9.1 – all versions
  • Siemens SIMATIC PCS neo V4.0 – all versions
  • Siemens SIMATIC PCS neo V4.1 – versions prior to V4.1 Update 2
  • Siemens SIMATIC PCS neo V5.0 – all versions
  • Siemens SIMATIC Process Historian 2020 – all versions
  • Siemens SIMATIC Process Historian 2022 – all versions
  • Siemens SIMATIC RFID Readers – multiple products and versions
  • Siemens SIMATIC WinCC Runtime Professional V17 – all versions
  • Siemens SIMATIC WinCC Runtime Professional V18 – all versions
  • Siemens SIMATIC WinCC Runtime Professional V19 – all versions
  • Siemens SIMATIC WinCC Runtime Professional V20 – all versions
  • Siemens SIMATIC WinCC V7.4 – all versions
  • Siemens SIMATIC WinCC V7.5 – all versions
  • Siemens SIMATIC WinCC V8.0 – all versions
  • Siemens SIMATIC WinCC Runtime Advanced – all versions
  • Siemens SINEC NMS – all versions
  • Siemens SINEMA Remote Connect Client – versions prior to V3.2 SP2
  • Siemens SINEMA Remote Connect Server – versions prior to V3.2 SP2
  • Siemens SINUMERIK 828D V4 – multiple versions
  • Siemens SINUMERIK 828D V5 – versions prior to V5.24
  • Siemens SINUMERIK 840D sl V4 – multiple versions
  • Siemens SINUMERIK ONE – multiple versions
  • Siemens SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) – versions prior to V2.4.8
  • Siemens SITIPE AT – all versions
  • Siemens TIA Administrator – versions prior to V3.0 SP3
  • Siemens TIM 1531 IRC (6GK7543-1MX00-0XE0) – versions prior to V2.4.8
  • Siemens Totally Integrated Automation Portal (TIA Portal) V16 – all versions
  • Siemens Totally Integrated Automation Portal (TIA Portal) V17 – versions prior to V17 Update 8
  • Siemens Totally Integrated Automation Portal (TIA Portal) V18 – all versions
  • Siemens Totally Integrated Automation Portal (TIA Portal) V19 – all versions
  • Viessmann Climate Solutions SE Viessmann Vitogate 300 – version 2.1.3.0 and prior

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates.

This alert originated from: Canadian Centre for Cyber Security

https://cyber.gc.ca/en/alerts-advisories/control-systems-cisa-ics-security-advisories-av24-523
