Serial number: AV24-687
Date: December 2, 2024
Between November 25 and December 1, 2024, CISA published ICS advisories to address vulnerabilities in the following products:
- Hitachi Energy MicroSCADA Pro/X SYS600 – multiple versions
- Hitachi Energy RTU500 Scripting Interface – all versions
- Schneider Electric EcoStruxure Control Expert – versions prior to v16.0
- Schneider Electric EcoStruxure Process Expert – versions prior to v2023
- Schneider Electric Modicon M340 CPU (part numbers BMXP34*) – versions prior to sv3.60
- Schneider Electric Modicon M580 CPU (part numbers BMEP* and BMEH* excluding M580 CPU Safety) – versions prior to SV4.20
- Schneider Electric Modicon M580 CPU Safety – versions prior to SV4.21
- Schneider Electric Modicon MC80 (part numbers BMKC80) – all versions
- Schneider Electric Modicon Momentum Unity M1E Processor (171CBU*) – all versions
- Schneider Electric PowerLogic P5 – versions 01.500.104 and prior
- SchneiderPowerLogic PM5560 – versions prior to v2.7.8
- SchneiderPowerLogic PM5561 – versions prior to v10.7.3
- SchneiderPowerLogic PM5562 – versions prior to v2.5.4
- SchneiderPowerLogic PM5563 – versions prior to v2.7.8
- Schneider PowerLogic PM8ECC – all versions
The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.
This alert was originated From: Canadian Centre for Cyber Security
https://cyber.gc.ca/en/alerts-advisories/control-systems-cisa-ics-security-advisories-av24-687