CISA Releases Three Industrial Control Systems Advisories

09/26/2022 02:16 PM EDT

Original release date: September 26, 2022 | Last revised: September 27, 2022

CISA has released three (3) Industrial Control Systems (ICS) advisories on September 27th, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:

•    ICSA-22-270-01 Hitachi Energy AFS
•    ICSA-22-270-02 Hitachi Energy APM Edge
•    ICSA-22-270-03 Rockwell Automation ThinManager ThinServer

This product is provided subject to this Notification and this Privacy & Use policy.

CISA and NSA Publish Joint Cybersecurity Advisory on Control System Defense

09/22/2022 10:59 AM EDT

Original release date: September 22, 2022

CISA and the National Security Agency (NSA) have published a joint cybersecurity advisory about control system defense for operational technology (OT) and industrial control systems (ICSs). Control System Defense: Know the Opponent is intended to provide critical infrastructure owners and operators with an understanding of the tactics, techniques, and procedures (TTPs) used by malicious cyber actors. This advisory builds on NSA and CISA 2021 guidance provided to stop malicious ICS activity against connect OT, and 2020 guidance to reduce OT exposure.

CISA and NSA encourage critical infrastructure owners and operations to review the advisory, [Control System Defense: Know the Opponent], and apply the recommended mitigations and actions. For more information on CISA’s resources and efforts to improve ICS cybersecurity, visit CISA’s role in industrial control systems webpage.

This product is provided subject to this Notification and this Privacy & Use policy.

ICSJWG Spring 2022 Virtual Meeting

04/13/2022 11:00 AM EDT

Original release date: April 13, 2022

The Industrial Control Systems Joint Working Group (ICSJWG) will hold its Spring 2022 Virtual Meeting April 26–27. ICSJWG meetings facilitate relationship building among critical infrastructure stakeholders and owners/operators of industrial control systems, idea exchanges regarding critical issues affecting industrial control systems (ICS) cybersecurity, and information sharing to reduce the risk to the nation’s industrial control systems.

The ICSJWG Spring 2022 Virtual Meeting will feature two full days of presentations, technical workshop presentations, and an ICS Training overview of Cyber-CHAMP©. ICSJWG meetings are open to all who are interested and are free for all attendees. Visit the ICSJWG website or the ICSJWG Spring 2022 Virtual Meeting website to register or to learn more.

This product is provided subject to this Notification and this Privacy & Use policy.

VMware Releases Security Updates

03/24/2022 06:27 AM EDT

Original release date: March 24, 2022

VMware has released security updates to address multiple vulnerabilities in VMware Carbon Black App Control software. A remote attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review VMware Security Advisory VMSA-2022-0008 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Releases Security Advisory on Siemens Nucleus Real-Time Operating Systems

11/09/2021 11:58 AM EST

Original release date: November 9, 2021

CISA has released an Industrial Control Systems (ICS) advisory detailing multiple vulnerabilities found in Siemens Nucleus Real-Time Operating Systems (RTOS) and supporting libraries. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review ICS Advisory: ICSA-21-313-03 Siemens Nucleus RTOS TCP/IP Stack for more information and apply the necessary mitigations.

This product is provided subject to this Notification and this Privacy & Use policy.