Tag: All CISA Advisories

CISA Releases Two Industrial Control Systems Advisories

CISA released two Industrial Control Systems (ICS) advisories on November 14, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-318-01 AVEVA Operations Control Logger ICSA-23-318-02 Rockwell Automation SIS Workstation and ISaGRAF Workbench CISA…

Read more →

ACSC and CISA Release Business Continuity in a Box

Today, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and CISA released Business Continuity in a Box. Business Continuity in a Box, developed by ACSC with contributions from CISA, assists organizations with swiftly and securely standing up critical…

Read more →

Johnson Controls Quantum HD Unity

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable Remotely/Low attack complexity Vendor: Johnson Controls Inc. Equipment: Quantum HD Unity Vulnerability: Active Debug Code 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to access…

Read more →

CISA Releases Four Industrial Control Systems Advisories

CISA released four Industrial Control Systems (ICS) advisories on November 9, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-313-01 Johnson Controls Quantum HD Unity ICSA-23-313-02 Hitachi Energy eSOMS ICSA-21-334-02 Mitsubishi Electric MELSEC…

Read more →

Hitachi Energy eSOMS

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: eSOMS Vulnerabilities: Generation of Error Message Containing Sensitive Information, Exposure of Sensitive System Information to an Unauthorized Control Sphere 2. RISK EVALUATION Successful…

Read more →

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-29552 Service Location Protocol (SLP) Denial-of-Service Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to…

Read more →

GE MiCOM S1 Agile

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Low attack complexity Vendor: General Electric Equipment: MiCOM S1 Agile Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to upload malicious files…

Read more →

CISA Releases One Industrial Control Systems Advisory

CISA released one Industrial Control Systems (ICS) advisory on November 7, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS.  ICSA-23-311-01 GE MiCOM S1 Agile CISA encourages users and administrators to review the newly…

Read more →

CISA Published When to Issue VEX Information

Today, CISA published When to Issue Vulnerability Exploitability eXchange (VEX) Information, developed by a community of industry and government experts with the goal to offer some guidance and structure for the software security world, including the large and growing global…

Read more →

Cisco Releases Security Advisories for Multiple Products

Cisco released security advisories for vulnerabilities affecting multiple Cisco products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the…

Read more →