CISA Releases Seventeen Industrial Control Systems Advisories - 20240517003¶
Overview¶
CISA released seventeen Industrial Control Systems (ICS) advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
What is vulnerable?¶
| Product(s) Affected | Vendor Advisory | Dated |
|---|---|---|
| Siemens Parasolid | ICSA-24-137-01 Siemens Parasolid | 16 May, 2024 |
| Siemens SICAM Products | ICSA-24-137-02 Siemens SICAM Products | 16 May, 2024 |
| Siemens Teamcenter Visualization and JT2Go | ICSA-24-137-03 Siemens Teamcenter Visualization and JT2Go | 16 May, 2024 |
| Siemens Polarion ALM | ICSA-24-137-04 Siemens Polarion ALM | 16 May, 2024 |
| Siemens Simcenter Nastran | ICSA-24-137-05 Siemens Simcenter Nastran | 16 May, 2024 |
| Siemens SIMATIC CN 4100 Before V3.0 | ICSA-24-137-06 Siemens SIMATIC CN 4100 Before V3.0 | 16 May, 2024 |
| Siemens SIMATIC RTLS Locating Manager | ICSA-24-137-07 Siemens SIMATIC RTLS Locating Manager | 16 May, 2024 |
| Siemens PS/IGES Parasolid Translator Component | ICSA-24-137-08 Siemens PS/IGES Parasolid Translator Component | 16 May, 2024 |
| Siemens Solid Edge | ICSA-24-137-09 Siemens Solid Edge | 16 May, 2024 |
| Siemens RUGGEDCOM CROSSBOW | ICSA-24-137-10 Siemens RUGGEDCOM CROSSBOW | 16 May, 2024 |
| Siemens RUGGEDCOM APE1808 | ICSA-24-137-11 Siemens RUGGEDCOM APE1808 | 16 May, 2024 |
| Siemens Desigo Fire Safety UL and Cerberus PRO UL Fire Protection Systems | ICSA-24-137-12 Siemens Desigo Fire Safety UL and Cerberus PRO UL Fire Protection Systems | 16 May, 2024 |
| Siemens Industrial Products | ICSA-24-137-13 Siemens Industrial Products | 16 May, 2024 |
| Rockwell Automation FactoryTalk View SE | ICSA-24-137-14 Rockwell Automation FactoryTalk View SE | 16 May, 2024 |
| Mitsubishi Electric MELSEC iQ-R Series Safety CPU and SIL2 Process CPU (Update A) | ICSA-23-044-01 Mitsubishi Electric MELSEC iQ-R Series Safety CPU and SIL2 Process CPU (Update A) | 16 May, 2024 |
| Mitsubishi Electric MELSEC-Q/L Series (Update A) | ICSA-24-074-14 Mitsubishi Electric MELSEC-Q/L Series (Update A) | 16 May, 2024 |
| GE Healthcare Ultrasound Products (Update A) | ICSMA-20-049-02 GE Healthcare Ultrasound Products (Update A) | 16 May, 2024 |
What has been observed?¶
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month (refer Patch Management):