This afternoon the DHS ICS-CERT updated their advisory for the Siemens vulnerability that they recently noted may be involved in some of the BlackEnergy attacks. Siemens reported two additional product variants for which there is now version that is resistant to the exploit of this vulnerability. Neither Siemens nor ICS-CERT have yet identified exactly what the vulnerabilities are; just what could result from a successful exploit. Hopefully that will change when the last two products are also protected.
I was a little surprised to see ICS-CERT get this update out this afternoon; after all Siemens only published their version this morning. I guess that now that ICS-CERT thinks that this might be involved in the BlackEnergy series of attacks (that ICS-CERT is only really explaining in classified briefings), they think that it may be important to get this information out to owners of potentially affected systems.