CISA and Siemens Release New ICS Advisories - 20240913004

Overview

CISA and Siemens has released advisories for Industrial Control Systems (ICS) related products and vendors.

What is vulnerable?

Siemens Advisory

Vendor	Advisory Link(s)	CVE #	CVSS	Severity
Siemens	SSA-629254	CVE-2024-35783	9.4	Critical

CISA Advisories

Vendor	Advisory Link(s)
Siemens	ICSA-24-256-01 ICSA-24-256-02 ICSA-24-256-03 ICSA-24-256-04 ICSA-24-256-05 ICSA-24-256-06 ICSA-24-256-07 ICSA-24-256-08 ICSA-24-256-09 ICSA-24-256-10 ICSA-24-256-11 ICSA-24-256-12 ICSA-24-256-13 ICSA-24-256-14 ICSA-24-256-15 ICSA-24-256-16
AutomationDirect	ICSA-24-256-17
Rockewell Automation	ICSA-24-256-18 ICSA-24-256-19 ICSA-24-256-20 ICSA-24-256-21 ICSA-24-256-22 ICSA-24-256-23 ICSA-24-256-24 ICSA-24-256-25

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe (refer Patch Management):

• Siemens Advisory: https://cert-portal.siemens.com/productcert/html/ssa-629254.html
• CISA Advisory: https://www.cisa.gov/news-events/alerts/2024/09/12/cisa-releases-twenty-five-industrial-control-systems-advisories