CISA releases 18 advisories on industrial control system vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has issued 18 advisories concerning vulnerabilities and security concerns affecting multiple Industrial Control Systems (ICS) products from various manufacturers, highlighting potential security risks within these platforms.

These advisories cover a range of products including Mitsubishi Electric MELSEC iQ-F Series; AVEVA Application Server Immutable Deployment Environment (IDE), AVEVA Edge; Brightpick Mission Control/Internal Logic Control; Rockwell Automation Verve Asset Manager, Studio 5000 Simulation Interface, FactoryTalk DataMosaix Private Cloud, FactoryTalk Policy Manager, and AADvance-Trusted Sovereign Infrastructure Standard (SIS) Workstation; General Industrial Controls Lynx+ Gateway; Siemens SICAM P850 and P855 families, Spectrum Power 4, LOGO! 8 BM Devices, Solid Edge, COMOS, Altair Grid Engine, and Software Center; as well as Festo Controller CECC-S, -LK, -D Family Firmware (Update A). Each advisory specifies affected versions, vulnerable components or functions, exploit conditions, and distinctions among the reported vulnerabilities.

The consequences associated with these vulnerabilities vary according to each advisory but include impacts on operational integrity and potential exploitation vectors as detailed in each respective release.

Resolution information provided within the advisories details available patches, updates, or workarounds released by vendors to address the identified flaws, where applicable.

CISA recommends that system operators and administrators consult the detailed advisories to understand the technical specifics and to apply the provided solutions or mitigations as appropriate for their environments.