CISA releases 8 Industrial Control Systems Advisories
Cybersecurity and Infrastructure Security Agency sent this bulletin at 08/16/2022 12:28 PM EDTYou are subscribed to Industrial Control Systems (ICS) Cybersecurity Advisories for Cybersecurity and Infrastructure Security Agency. This information has recently been updated, and is now available.
Yokogawa CENTUM Controller FCS
This advisory contains mitigations for a Denial of Service vulnerability in CENTUM Controller FCS products.
LS ELEC PLC and XG5000
This advisory contains mitigations for an Inadequate Encryption Strength vulnerability in LS ELECTRIC PLC and XG5000, a PLC programming software.
Delta Industrial Automation DRAS
This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in Delta Industrial Automation DRAS, a controller software suite.
Softing Secure Integration Server
This advisory contains mitigations for Out-of-bounds Read, Uncontrolled Search Path Element, Improper Authentication, Relative Path Traversal, Cleartext Transmission of Sensitive Information, NULL Pointer Dereference, and Integer Underflow vulnerabilities in various Softing products.
BR Industrial Automation Automation Studio 4
This advisory contains mitigations for an Unrestricted Upload of File with Dangerous Type vulnerability in Industrial Automation Automation Studio 4, a PLC automation programming software.
Emerson Electric Proficy Machine Edition
This advisory contains mitigations for Missing Support for Integrity Check, Improper Access Control, Unrestricted Upload of File with Dangerous Type, Improper Verification of Cryptographic Signature, Insufficient Verification of Data Authenticity, and Path Traversal: ‘\..\filename’ vulnerabilities in Emerson Proficy Machine Edition, an engineering workstation.
Sequi PortBloque S
This advisory contains mitigations for Improper Authentication and Improper Authorization vulnerabilities in Sequi PortBloque S, a serial Modbus firewall.
Siemens Industrial Products with OPC UA (Update B)
This updated advisory is a follow-up to the original advisory titled ICSA-22-132-08 Siemens Industrial Products with OPC UA (Update A) that was published May 12, 2022, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for various Siemens Industrial Products with OPC UA products.