CISA Releases Forty-One Industrial Control Systems Advisories
Original release date: December 15, 2022CISA has released forty-one (41) Industrial Control Systems (ICS) advisories on 15 December 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:
ICSA-22-349-01 Prosys OPC UA Simulation
ICSA-22-349-02 Siemens SCALANCE X-200RNA Switch Devices
ICSA-22-349-03 Siemens Multiple Denial of Service Vulnerabilities in Industrial Products
ICSA-22-349-04 Siemens Multiple Vulnerabilities in SCALANCE Products
ICSA-22-349-05 Siemens PLM Help Server
ICSA-22-349-06 Siemens SIMATIC WinCC OA Ultralight Client
ICSA-22-349-07 Siemens Simcenter STAR-CCM+
ICSA-22-349-08 Siemens Polarion ALM
ICSA-22-349-09 Siemens Products affected by OpenSSL 3.0
ICSA-22-349-10 Siemens APOGEE_TALON Field Panels
ICSA-22-349-11 Siemens SIPROTEC 5 Devices
ICSA-22-349-12 Siemens Parasolid
ICSA-22-349-13 Siemens Mendix Workflow Commons
ICSA-22-349-14 Siemens SISCO MMS-EASE Third Party Component
ICSA-22-349-15 Siemens Teamcenter Visualization and JT2Go
ICSA-22-349-16 Siemens APOGEE and TALON
ICSA-22-349-17 Siemens Mendix Email Connector
ICSA-22-349-18 Siemens SCALANCE SC-600 Family
ICSA-22-349-19 Siemens SICAM PAS
ICSA-22-349-20 Siemens Teamcenter Visualization and JT2Go
ICSA-22-349-21 Siemens SCALANCE X-200RNA Switch Devices
ICSA-21-012-02 Siemens SCALANCE X Switches (Update C)
ICSA-20-014-03 Siemens SCALANCE X Switches (Update B)
ICSA-20-042-07 Siemens SCALANCE X Switches (Update C)
ICSA-22-069-01 Siemens RUGGEDCOM Devices (Update D)
ICSA-21-222-05 Siemens Industrial Products Intel CPUs (Update G)
ICSA-20-161-04 Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update K)
ICSA-22-286-09 Siemens SICAM P850 and P855 Devices (Update A)
ICSA-22-286-11 Siemens SCALANCE and RUGGEDCOM Products (Update B)
ICSA-22-258-04 Siemens Mendix SAML Module (Update B)
ICSA-22-104-06 Siemens PROFINET Stack Integrated on Interniche Stack (Update E)
ICSA-22-286-07 Siemens Nucleus RTOS FTP Server (Update A)
ICSA-22-314-09 Siemens Teamcenter Visualization and JT2Go (Update A)
ICSA-22-314-02 Siemens Missing Web Server Login Page of Industrial Controllers (Update A)
ICSA-22-167-14 Siemens OpenSSL Affected Industrial Products (Update E)
ICSA-22-132-05 Siemens Industrial PCs and CNC devices (Update A)
ICSA-22-104-13 Siemens SIMATIC S7-1500 CPU GNU Linux subsystem (Update A)
ICSA-18-163-02 Siemens SCALANCE X Switches (Update B)
ICSA-22-132-12 Siemens Industrial Products (Update C)
ICSA-20-105-08 Siemens KTK, SIDOOR, SIMATIC, and SINAMICS (Update D)
ICSA-19-283-02 Siemens Profinet Devices (Update L)
This product is provided subject to this Notification and this Privacy & Use policy.
Drupal Releases Security Updates to Address Vulnerabilities in H5P and File (Field) Paths
Original release date: December 15, 2022Drupal has released security updates to address vulnerabilities affecting H5P and the File (Field) Paths modules for Drupal 7.x. An attacker could exploit these vulnerabilities to access sensitive information and remotely execute code.
CISA encourages users and administrators to review Drupal’s security advisories SA-CONTRIB-2022-064 and SA-CONTRIB-2022-065 and apply the necessary update.
This product is provided subject to this Notification and this Privacy & Use policy.
CISA Consolidates Twitter Accounts
Original release date: December 15, 2022CISA has consolidated its social media presence on Twitter. Three accounts — @ICSCERT, @Cyber, and @CISAInfraSec — are no longer active. Additionally, the @USCERT_gov Twitter account is now renamed @CISACyber. The following current active Twitter accounts will include posts on content previously covered on the now-inactive accounts.
@CISACyber will cover updates relevant to the industrial control systems community along with the latest vulnerability management info, threat analysis, and other info relevant to the cybersecurity community.
@CISAgov will continue to provide agencywide content or non-urgent ICS updates.
@CISAJen will continue to include posts across a variety of topics coming straight from the CISA director.
CISA encourages followers of the @ICSCERT, @Cyber, and @CISAInfraSec Twitter accounts to follow @CISACyber and @CISAgovTwitter accounts to keep receiving important CISA messages and information.
This product is provided subject to this Notification and this Privacy & Use policy.