CISA Releases Fifteen Industrial Control Systems Advisories - 20240315003¶
Overview¶
CISA has released a set of advisories for commonly used Mitsubishi, Siemens and Fortinet ICS equipment, including systems commonly used for datacentre monitoring and fire suppression. Users and administrators are encouraged to review the newly released ICS advisories for technical details and mitigations.
What is vulnerable?¶
| Product(s) Affected | Dated | Vendor Advisory |
|---|---|---|
| - Siemens SINEMA Remote Connect Server versions |
14 Mar, 2024 | Siemens SINEMA Remote Connect Server |
| - Siemens SINEMA Remote Connect Client versions |
14 Mar, 2024 | Siemens SINEMA Remote Connect Client |
| - Siemens SENTRON 7KM PAC3x20 versions |
14 Mar, 2024 | Siemens SENTRON 7KM PAC3x20 |
| - Siemens Solid Edge versions |
14 Mar, 2024 | Siemens Solid Edge |
| - Siemens RUGGEDCOM APE1808 versions |
14 Mar, 2024 | Siemens RUGGEDCOM APE1808 |
| - Siemens SENTRON versions |
14 Mar, 2024 | Siemens SENTRON |
| - Siemens SIMATIC versions |
14 Mar, 2024 | Siemens SIMATIC |
| - Siemens SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG Family versions |
14 Mar, 2024 | Siemens SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG Family |
| - Siemens Sinteso EN Cerberus PRO EN Fire Protection Systems versions |
14 Mar, 2024 | Siemens Sinteso EN Cerberus PRO EN Fire Protection Systems |
| - Siemens Siveillance Control versions |
14 Mar, 2024 | Siemens Siveillance Control |
| - Siemens RUGGEDCOM APE1808 with Fortigate NGFW Devices versions |
14 Mar, 2024 | Siemens RUGGEDCOM APE1808 with Fortigate NGFW Devices |
| - Delta Electronics DIAEnergie versions |
14 Mar, 2024 | Delta Electronics DIAEnergie |
| - Softing edgeConnector versions |
14 Mar, 2024 | Softing edgeConnector |
| - Mitsubishi Electric MELSEC-Q/L Series versions |
14 Mar, 2024 | Mitsubishi Electric MELSEC-Q/L Series |
| - Mitsubishi Electric MELSEC Series CPU module (Update C) versions |
14 Mar, 2024 | Mitsubishi Electric MELSEC Series CPU module (Update C) |
What has been observed?¶
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month (refer Patch Management):