Today the DHS ICS-CERT published updates or three previously published advisories. One of the three updates reports additional systems that have had the problem associated with the advisory. Another limits the some of the systems affected by the problem. The third announces the availabililtiy of another system update.
HMI Devices Update
This updates the Siemens advisory from earlier this month for vulnerabilities in various SIMATIC HMI devices. This update actually extends the advisory to PCS 7 devices and notes that an update is available for those systems. Siemens has published a new advisory for the PCS 7 vulnerability since it has only one (CVE-2015-2823) of the three vulnerabilities noted in the original advisory.
This updates an advisory issued last month for an insufficiently qualified paths vulnerability for a variety of Siemens products. The advisory limits some of the versions of previously identified systems that are susceptible to this vulnerability. Those systems are STEP 7 V5.5 SP3, and PCS 7 V8.0 SP2: all versions. The Siemens update for this vulnerability lists each of the versions that have had updates published.