CISA released eight Industrial Control Systems (ICS) advisories on January 30, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-030-01 Emerson Rosemount GC370XA, GC700XA, GC1500XA
• ICSA-24-030-02 Mitsubishi Electric FA Engineering Software Products
• ICSA-24-030-03 Mitsubishi Electric MELSEC WS Series Ethernet Interface Module
• ICSA-24-030-04 Hitron Systems Security Camera DVR
• ICSA-24-030-05 Rockwell Automation ControlLogix and GuardLogix 
• ICSA-24-030-06 Rockwell Automation FactoryTalk Service Platform
• ICSA-24-030-07 Rockwell Automation LP30/40/50 and BM40 Operator Interface
• ICSA-23-208-03 Mitsubishi Electric CNC Series (Update E)

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.

Juniper Networks released a security bulletin to address multiple vulnerabilities for J-Web in Junos OS SRX Series and EX Series. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Juniper Bulletin JSA76390 and apply the necessary updates.

Today, CISA published Guidance on Assembling a Group of Products created by the Software Bill of Materials (SBOM) Tooling & Implementation Working Group, one of the five SBOM community-driven workstreams facilitated by CISA. CISA’s community-driven working groups publish documents and reports to advance and refine SBOM and ultimately promote adoption. Specifically, software producers often need to assemble and test products together before releasing them to customers. These products may contain components that experience version changes over time, therefore creating a need to be tracked. This document serves as a guide for creating the build for SBOM assembled products.  

For more information on all things SBOM, please visit CISA’s Software Bill of Materials website. 

Cisco released a security advisory to address a vulnerability (CVE-2024-20253) affecting multiple Unified Communications Products. A cyber threat actor could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the Cisco Unified Communications Products Remote Code Execution Vulnerability advisory and apply the necessary updates.

Mozilla has released security updates to address vulnerabilities in Thunderbird and Firefox. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following advisories and apply the necessary updates:

• Thunderbird 115.7
• Firefox ESR 115.7
• Firefox 122

CISA has issued Emergency Directive (ED) 24-01 Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities in response to active vulnerabilities in the following Ivanti products: Ivanti Connect Secure and Ivanti Policy Secure.
ED 24-01 directs all Federal Civilian Executive Branch (FCEB) agencies running Ivanti Connect Secure and Ivanti Policy Secure to:

• Implement the mitigations as detailed in the ED.
• Report indications of compromise to CISA.
• Remove compromised products from agency networks and follow the ED’s comprehensive instructions for restoring and bringing the products back into service.
• Apply the updates to the products within 48 hours of Ivanti releasing the updates.
• Provide CISA with a report that includes:
  • A complete inventory of all instances of Ivanti Connect Secure and Ivanti Policy Secure products on agency networks.
  • Details on actions taken and results.

Although this directive is only for FCEB agencies, CISA strongly encourages all organizations to address the vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure. For additional details, see CISA’s Alert, Ivanti Releases Security Update for Connect Secure and Policy Secure Gateways, which CISA will update with further mitigations and patches as these become available.