CISA releases eight advisories on industrial control systems vulnerabilities

The Cybersecurity and Infrastructure Security Agency has issued eight advisories covering vulnerabilities and security concerns affecting multiple Industrial Control Systems products. These advisories address weaknesses in automation software, energy devices, and monitoring systems, presenting risks that could affect system operation or data integrity.

The advisories detail issues identified in AutomationDirect's Productivity Suite, ASKI Energy's ALS-Mini-S8 and ALS-Mini-S4 models, and Veeder-Root's TLS4B Automatic Tank Gauge System. Additional products covered include Delta Electronics' ASDA-Soft, NIHON KOHDEN's Central Monitor CNS-6201, Schneider Electric's EcoStruxure platform and Altivar products including the ATVdPAC module and ILC992 InterLink Converter, as well as Hitachi Energy's MACH Storage Class Memory (SCM). The advisories specify Common Vulnerabilities and Exposures (CVE) identifiers where applicable and describe affected software versions and vulnerable components, outlining distinct characteristics and triggering conditions for each vulnerability.

The documented vulnerabilities carry various consequences, such as unauthorized access, data compromise, or operational disruptions within ICS environments, as described in the advisories. These impacts vary depending on the specific product and nature of the vulnerability disclosed.

Addressing these security issues, the advisories provide information on available product updates, patches, or configuration changes to remediate or mitigate the identified vulnerabilities. Where solutions are not immediately available, the advisories indicate the current status and recommend monitoring for future updates from the respective vendors.

Users and system administrators responsible for the affected Industrial Control Systems are advised to consult the advisories thoroughly to understand the technical specifics and to apply recommended fixes or safeguards as indicated. Staying informed about such advisories supports maintaining the security posture of ICS deployments.