Skip to content

Commit

Permalink
20240913004 (#986)
Browse files Browse the repository at this point in the history 
* Create 20240913004-CISA-Releases-Twenty-Five-Industrial-Control-Systems-Advisories.md

* Format markdown docs

* Update and rename 20240913004

Shorten of filename.
Update content to include Siemens advisory.
Rewording of Overview to include Siemens-related content.

* Format markdown docs

---------

Co-authored-by: jasonkasih <jasonkasih@users.noreply.github.com>
Co-authored-by: JadonWill <117053393+JadonWill@users.noreply.github.com>
Co-authored-by: JadonWill <JadonWill@users.noreply.github.com>
  • Loading branch information
@jasonkasih @JadonWill
4 people committed Sep 13, 2024
1 parent 7c96161 commit d5224d2
Showing 1 changed file with 28 additions and 0 deletions.
28 changes: 28 additions & 0 deletions docs/advisories/20240913004-CISA-Siemens-New-ICS-Advisories.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
# CISA and Siemens Release New ICS Advisories - 20240913004

## Overview

CISA and Siemens has released advisories for Industrial Control Systems (ICS) related products and vendors.

## What is vulnerable?

### Siemens Advisory

| Vendor | Advisory Link(s) | CVE # | CVSS | Severity |
| ------- | ------------------------------------------------------------------------------ | ----------------------------------------------------------------- | ---- | -------- |
| Siemens | [SSA-629254](https://cert-portal.siemens.com/productcert/html/ssa-629254.html) | [CVE-2024-35783](https://nvd.nist.gov/vuln/detail/CVE-2024-35783) | 9.4 | Critical |

### CISA Advisories

| Vendor | Advisory Link(s) |
| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Siemens | [ICSA-24-256-01](https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-01) <br> [ICSA-24-256-02](https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-02) <br>[ICSA-24-256-03](https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-03) <br> [ICSA-24-256-04](https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-04) <br> [ICSA-24-256-05](https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-05) <br> [ICSA-24-256-06](https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-06) <br> [ICSA-24-256-07](https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-07) <br> [ICSA-24-256-08](https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-08) <br> [ICSA-24-256-09](https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-09) <br> [ICSA-24-256-10](https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-10) <br> [ICSA-24-256-11](https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-11) <br> [ICSA-24-256-12](https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-12) <br> [ICSA-24-256-13](https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-13) <br> [ICSA-24-256-14](https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-14) <br> [ICSA-24-256-15](https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-15) <br> [ICSA-24-256-16](https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-16) |
| AutomationDirect | [ICSA-24-256-17](https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-17) |
| Rockewell Automation | [ICSA-24-256-18](https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-18) <br> [ICSA-24-256-19](https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-19) <br>[ICSA-24-256-20](https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-20) <br> [ICSA-24-256-21](https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-21) <br> [ICSA-24-256-22](https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-22) <br> [ICSA-24-256-23](https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-23) <br> [ICSA-24-256-24](https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-24) <br> [ICSA-24-256-25](https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-25) |

## Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe (refer [Patch Management](../guidelines/patch-management.md)):

- Siemens Advisory: <https://cert-portal.siemens.com/productcert/html/ssa-629254.html>
- CISA Advisory: <https://www.cisa.gov/news-events/alerts/2024/09/12/cisa-releases-twenty-five-industrial-control-systems-advisories>

0 comments on commit d5224d2

Please sign in to comment.