On June 11, 2024, CISA released several Industrial Control Systems (ICS) advisories addressing significant security vulnerabilities. The advisories highlight a range of critical issues, including a high-severity denial-of-service (DoS) vulnerability affecting Rockwell Automation ControlLogix, GuardLogix, and CompactLogix controllers. This flaw poses a serious risk of system disruption and requires immediate attention.
The advisories also cover a critical code execution and data exposure issue in the Intrado 911 Emergency Gateway. This vulnerability could potentially allow attackers to execute arbitrary code or access sensitive data, compromising emergency response systems. Additionally, two high-severity flaws in MicroDicom medical software are detailed, involving information disclosure and remote code execution.
Industrial software maker Aveva has published two advisories related to its PI Asset Framework (AF) Client and PI Web API. Both advisories describe high-severity vulnerabilities associated with deserialization of untrusted data, which could lead to local and remote code execution. These issues underscore the importance of addressing software vulnerabilities to prevent potential exploitation.
Schneider Electric has also released five advisories detailing a total of 11 vulnerabilities. These advisories address critical and high-severity issues in various products, including SAGE RTUs, Modicon M340 controllers, and EVlink Home Smart EV charging stations. The flaws could lead to unauthorized firmware updates, device hijacking, and exposure of sensitive information, highlighting the need for prompt remediation to protect industrial systems and infrastructure.
Reference:
