Serial number: AV24-678
Date: November 25, 2024
Between Novembre 18 and Novembre 24, 2024, CISA published ICS advisories to address vulnerabilities in the following products:
- Automated Logic Carrier i-Vu – version 7.0
- Automated Logic SiteScan Web – version 7.0
- Automated Logic WebCTRL Server – version 7.0
- Automated Logic WebCTRL for OEMs – version 7.0
- Mitsubishi Electric MELSEC iQ-F Series – multiple versions and models
- mySCADA myPRO Manager – versions prior to 1.3
- mySCADA myPRO Runtime – versions prior to 9.2.1
- OSCAT CODESYS Basic Library – version 3.3.5.0
- OSCAT oscat.de OSCAT Basic Library – version 3.3.5 and prior
- OSCAT oscat.de OSCAT Basic Library – version 335 and prior
- Schneider Electric EcoStruxure IT Gateway – multiple versions
- Schneider Electric Modicon M340 CPU (part numbers BMXP34*) – all versions
- Schneider Electric Modicon MC80 (part numbers BMKC80) – all versions
- Schneider Electric Modicon Momentum Unity M1E Processor (171CBU*) – all versions
- Schneider Electric PowerLogic PM5320 – version 2.3.8 and prior
- Schneider Electric PowerLogic PM5340 – version 2.3.8 and prior
- Schneider Electric PowerLogic PM5341 – version 2.6.6 and prior
The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.
This alert was originated From: Canadian Centre for Cyber Security
https://cyber.gc.ca/en/alerts-advisories/control-systems-cisa-ics-security-advisories-av24-678