1.0 Introduction
Recently, CISA released six Industrial Control Systems (ICS) advisories on March 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
2.0 Affected Products
- Siemens SCALANCE, RUGGEDCOM Third-Party
- Siemens RUGGEDCOM CROSSBOW V5.3
- Siemens RUGGEDCOM CROSSBOW V5.2
- Siemens SCALANCE W1750D Devices
- Siemens Mendix SMAL Module
- Honeywell OneWireless Wireless Device Manager
- Rockwell Automation Modbus TCP AOI Server
- AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere (Update A)
4.0 Recommendations
MyCERT encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:
- ICSA-23-075-01Β Siemens SCALANCE, RUGGEDCOM Third-PartyΒ –Β https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-01
- ICSA-23-075-02Β Siemens RUGGEDCOM CROSSBOW V5.3Β –Β https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-02
- ICSA-23-075-03Β Siemens RUGGEDCOM CROSSBOW V5.2Β –Β https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-03
- ICSA-23-075-04Β Siemens SCALANCE W1750D DevicesΒ –Β https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-04
- ICSA-23-075-05Β Siemens Mendix SMAL ModuleΒ –Β https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-05
- ICSA-23-075-06Β Honeywell OneWireless Wireless Device ManagerΒ –Β https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-06
- ICSA-23-075-07Β Rockwell Automation Modbus TCP AOI ServerΒ –Β https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-07
- ICSA-22-342-02Β AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere (Update A)Β –Β https://www.cisa.gov/news-events/ics-advisories/icsa-22-342-02
Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
