CISA releases 8 Industrial Control Systems Advisories

Cybersecurity and Infrastructure Security Agency sent this bulletin at 08/16/2022 12:28 PM EDT

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

You are subscribed to Industrial Control Systems (ICS) Cybersecurity Advisories for Cybersecurity and Infrastructure Security Agency. This information has recently been updated, and is now available.

CISA releases 8 Industrial Control Systems Advisories
8/16/2022 12:25 PM EDT
ICS-CERT released the following 8 advisories today, August 16, 2022. Click on the links below for more detailed information on these Industrial Control Systems vulnerabilities.

Yokogawa CENTUM Controller FCS

This advisory contains mitigations for a Denial of Service vulnerability in CENTUM Controller FCS products. 

LS ELEC PLC and XG5000

This advisory contains mitigations for an Inadequate Encryption Strength vulnerability in LS ELECTRIC PLC and XG5000, a PLC programming software. 

Delta Industrial Automation DRAS

This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in Delta Industrial Automation DRAS, a controller software suite. 

Softing Secure Integration Server

This advisory contains mitigations for Out-of-bounds Read, Uncontrolled Search Path Element, Improper Authentication, Relative Path Traversal, Cleartext Transmission of Sensitive Information, NULL Pointer Dereference, and Integer Underflow vulnerabilities in various Softing products. 

BR Industrial Automation Automation Studio 4

This advisory contains mitigations for an Unrestricted Upload of File with Dangerous Type vulnerability in Industrial Automation Automation Studio 4, a PLC automation programming software. 

Emerson Electric Proficy Machine Edition

This advisory contains mitigations for Missing Support for Integrity Check, Improper Access Control, Unrestricted Upload of File with Dangerous Type, Improper Verification of Cryptographic Signature, Insufficient Verification of Data Authenticity, and Path Traversal: ‘\..\filename’ vulnerabilities in Emerson Proficy Machine Edition, an engineering workstation. 

Sequi PortBloque S

This advisory contains mitigations for Improper Authentication and Improper Authorization vulnerabilities in Sequi PortBloque S, a serial Modbus firewall. 

Siemens Industrial Products with OPC UA (Update B)

This updated advisory is a follow-up to the original advisory titled ICSA-22-132-08 Siemens Industrial Products with OPC UA (Update A) that was published May 12, 2022, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for various Siemens Industrial Products with OPC UA products.