CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – December 16, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

• Xylem AquaView – Product Used in the Water and Wastewater Sector
• Delta Electronics CNCSoft
• Wibu-Systems CodeMeter Runtime
• Mitsubishi Electric GX Works2
• Mitsubishi Electric FA Engineering Software
• Siemens Capital VSTAR
• Siemens POWER METER SICAM Q100
• Siemens JTTK and JT Utilities
• Siemens SINUMERIK Edge
• Siemens JT2Go and Teamcenter Visualization
• Siemens SIMATIC eaSie PCS 7 Skill Package
• Siemens SIMATIC ITC – Products Used in the Water and Wastewater and Energy Sectors
• Siemens Questa and ModelSim
• Siemens Siveillance Identity
• Siemens Simcenter STAR-CCM+ Viewer
• Siemens Healthineers syngo fastView
• Siemens JT Utilities and JT Open Toolkit
• Siemens Teamcenter Active Workspace
• Siemens SiPass Integrated
• Siemens JTTK and JT Utilities
• Siemens Nucleus RTOS-based APOGEE and TALON Products (Update A)
• Delta Electronics DIAEnergie (Update A)
• HCC Embedded InterNiche TCP/IP stack, NicheLite (Update B)
• Siemens Linux-based Products (Update G)
• Mitsubishi Electric MELSEC iQ-R Series (Update C)
• Siemens SIMOTICS, Desigo, APOGEE, and TALON (Update B) – Products Used in the Water and Wastewater and Energy Sectors
• Siemens TIA Portal (Update C) – Products Used in the Water and Wastewater and Energy Sectors

Alerts, Updates, and Bulletins:

• Immediate Steps to Strengthen Critical Infrastructure against Potential Cyberattacks
• Preparing for and Mitigating Potential Cyber Threats
• CISA Adds Two Known Exploited Vulnerabilities to Catalog
• Microsoft Releases December 2021 Security Updates
• SAP Releases December 2021 Security Updates