Three New ICS Advisories Released by CISA Detailing Vulnerabilities & Mitigations

The Cybersecurity and Infrastructure Security Agency (CISA) announced three new Industrial Control Systems (ICS) advisories.

These advisories provide critical insights into vulnerabilities impacting Traffic Alert and Collision Avoidance Systems (TCAS) II, Siemens SIMATIC S7-1200 CPUs, and ZF Roll Stability Support Plus (RSSPlus).

Each advisory includes detailed technical descriptions of the vulnerabilities, associated CVEs, and recommended mitigation measures to safeguard affected systems.

1. Traffic Alert and Collision Avoidance System (TCAS) II: Serious Safety Risks Identified

The TCAS II, widely used in aviation for collision avoidance, has been found to have two significant vulnerabilities: reliance on untrusted inputs in security decisions (CVE-2024-9310) and external control of system settings (CVE-2024-11166).

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

These flaws are exploitable from adjacent networks and could compromise the safety of air traffic management systems.CVE-2024-9310 involves the use of spoofed radio frequency (RF) signals to create ...