This afternoon the DHS ICS-CERT updated the
advisory that it had issued earlier this week for the Siemens RuggedCom
Devices. The update
corrects an error in list of affected products.
The original advisory listed “RuggedCom devices with ROX:
All firmware versions prior to v2.6.3”. The new version shows “RuggedCom
devices with ROX II: All firmware versions” and then specifically notes that “ROX
I” devices are not affected. This change reflects the information that was
printed in the original Siemens
Advisory and is not because of any change initiated by Siemens.
I learned of the updated version from a Tweet made
by ICS-CERT. The changed advisory is not on top of the list of advisories provided
on their landing
page that would typically indicate that it was added today. What has been
done is that the original listing made on July 21st has been changed to reflect
the new advisory number (‘A’ added to the end of the original) and has the
words “Update A” added at the end of the title.
Since we saw the same thing last week with the updated
Schneider advisory, I think that this may reflect a change in the way that
ICS-CERT is running their list of vulnerabilities. The list on the landing page
will only show the vulnerability listing on its original order making it very
difficult to tell when an advisory is updated. And the older advisories drop
off the landing page as new ones are added. Fortunately they are announcing the
updates on Twitter (@ICS-CERT) so we
can keep track of them that way as long as they continue to do this.
Posts
No comments:
Post a Comment