CISA releases six advisories on industrial control system vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has issued six advisories covering vulnerabilities found in various Industrial Control Systems (ICS) products. These advisories address security flaws capable of affecting operational control and data management in industrial environments.

The advisories include details such as Common Vulnerabilities and Exposures (CVE) identifiers and applicable firmware or software versions. Among the affected products are Schneider Electric's EcoStruxure Machine Supervisory Control and Data Acquisition (SCADA) Expert and Pro-face BLUE Open Studio, Shelly Pro models 4PM and 3EM, Schneider Electric's PowerChute Serial Shutdown, METZ CONNECT EWIO2, and an update concerning Schneider Electric EcoStruxure. The vulnerabilities span components and functions specific to these products, with exploit conditions detailed in each advisory.

These vulnerabilities can lead to unauthorized access, disruption of control processes, or other operational impacts as specified in the advisories. Each advisory enumerates the nature of its vulnerabilities without omission, including where they differ from those in the other advisories.

CISA's advisories indicate that patches or updates addressing these vulnerabilities are available where applicable. The advisories include precise information about the current status of fixes or the lack thereof for each product and vulnerability.

Users and system administrators involved with the affected ICS products are advised to examine the published advisories thoroughly. The technical reports offer insights into the vulnerabilities and outline mitigation steps as provided by the vendors and CISA.