The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:

ICS Advisories:

• On November 21, 2024, CISA Released Seven Industrial Control Systems Advisories for products used across multiple sectors, please check these latest advisories for specific equipment used across your ICS/SCADA environments and address accordingly:
  • Automated Logic WebCTRL Premium Server
  • OSCAT Basic Library – Used in Water and Wastewater Systems and Energy
  • Schneider Electric Modicon M340, MC80, and Momentum Unity M1E (x2) – Used in Energy
  • Schneider Electric EcoStruxure IT Gateway – Used in Energy
  • Schneider Electric PowerLogic PM5300 Series – Used in Energy
  • mySCADA myPRO Manager

Additional Alerts, Updates, and Bulletins:

• November 21 - CISA Adds Three Known Exploited Vulnerabilities to Catalog
• November 20 - CISA Adds Two Known Exploited Vulnerabilities to Catalog
• Apple Releases Security Updates for Multiple Products  
• CISA Releases Insights from Red Team Assessment of a U.S. Critical Infrastructure Sector Organization
• 2024 CWE Top 25 Most Dangerous Software Weaknesses
• CISA and Partners Release Update to BianLian Ransomware Cybersecurity Advisory
• USDA Releases Success Story Detailing the Implementation of Phishing-Resistant Multi-Factor Authentication