The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:

ICS Advisories:

• On October 17, 2024, CISA Released Seven Industrial Control Systems Advisories for products used across multiple sectors, please check these latest advisories for specific equipment used across your ICS/SCADA environments and address accordingly:
  • Elvaco M-Bus Metering Gateway CMe3100 – Used in Energy
  • LCDS LAquis SCADA – Used in Water and Wastewater Systems and Energy
  • Mitsubishi Electric CNC Series – Used in Energy
  • HMS Networks EWON FLEXY 202 – Used in Water and Wastewater Systems and Energy
  • Kieback&Peter DDC4000 Series
  • goTenna Pro X and Pro X2 (Update A)
  • goTenna Pro ATAK Plugin (Update A)

Additional Alerts, Updates, and Bulletins:

• CISA Adds One Known Exploited Vulnerability to Catalog
  Oracle Releases Quarterly Critical Patch Update Advisory for October 2024
• CISA and FBI Release Joint Guidance on Product Security Bad Practices for Public Comment
• CISA, FBI, NSA, and International Partners Release Advisory on Iranian Cyber Actors Targeting Critical Infrastructure Organizations Using Brute Force
• Guidance: Framing Software Component Transparency: Establishing a Common Software Bill of Materials (SBOM)