CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – June 29, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases Nine Industrial Control Systems Advisories

Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.

• Delta Electronics InfraSuite Device Master – Product used in Energy Sector
• Schneider Electric EcoStruxure – Product used in Energy Sector
• Ovarro TBox RTUs – Product used in Energy and Water and Wastewater Sector
• Mitsubishi Electric MELSEC-F Series
• Medtronic Paceart Optima System
• Rockwell Automation CompactLogix 5370 (Update A)
• Mitsubishi Electric Multiple Products (Update F)
• Mitsubishi Electric FA Engineering Software (Update B)
• Enphase Installer Toolkit Android App (Update A) – Product used in Energy Sector

Alerts, Updates, and Bulletins:

• CISA and NSA Release Joint Guidance on Defending Continuous Integration/Continuous Delivery (CI/CD) Environments
• 2023 CWE Top 25 Most Dangerous Software Weaknesses
• CISA Adds Eight Known Exploited Vulnerabilities to Catalog