CISA Releases Five ICS Advisories - 20241218001

Overview

CISA has released five Industrial Control Systems (ICS) advisories around current security issues, vulnerabilities, and exploits on five products.

What is vulnerable?

| Product(s) Affected | Affected Version(s) | CVSS |
| --- | --- | --- |
| ThreatQuotient: ThreatQ Platform | Versions prior to 5.29.3 | 8.7 |
| Hitachi Energy: TropOS devices series 1400/2400/6400 | All versions prior to 8.9.6 | 5.3 |
| Rockwell Automation: PowerMonitor 1000 Remote | PM1k 1408-BC3A-485: Versions prior to 4.020<br>PM1k 1408-BC3A-ENT: Versions prior to 4.020<br>PM1k 1408-TS3A-485: Versions prior to 4.020<br>PM1k 1408-TS3A-ENT: Versions prior to 4.020<br>PM1k 1408-EM3A-485: Versions prior to 4.020<br>PM1k 1408-EM3A-ENT: Versions prior to 4.020<br>PM1k 1408-TR1A-485: Versions prior to 4.020<br>PM1k 1408-TR2A-485: Versions prior to 4.020<br>PM1k 1408-EM1A-485: Versions prior to 4.020<br>PM1k 1408-EM2A-485: Versions prior to 4.020<br>PM1k 1408-TR1A-ENT: Versions prior to 4.020<br>PM1k 1408-TR2A-ENT: Versions prior to 4.020<br>PM1k 1408-EM1A-ENT: Versions prior to 4.020<br>PM1k 1408-EM2A-ENT: Versions prior to 4.020 | 9.3 |
| Schneider Electric: Modicon Controllers | Modicon Controllers M241: All versions<br>Modicon Controllers M251: All versions<br>Modicon Controllers M258: All versions<br>Modicon Controllers LMC058: All versions | 9.3 |
| BD Diagnostic Solutions: Multiple BD products | BD BACTEC Blood Culture System: All versions<br>BD COR System: All versions<br>BD EpiCenter Microbiology Data Management System: All versions<br>BD MAX System: All versions<br>BD Phoenix M50 Automated Microbiology System: All versions<br>BD Synapsys Informatics Solution: All versions | 8.0 |

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of 48 hours... (refer to Patch Management):