Yesterday the DHS NCCIC-ICS published two control system security
advisories for products from Siemens. They also published five control system
updates for products from Interpeak (2) and Siemens (3) and a medical device
update for Philips.
PROFIET Advisory
This advisory
describes an uncontrolled resource consumption vulnerability in the Siemens PROFINET
Devices. Siemens self-reported the vulnerability. Siemens has new versions for
many of the affected versions that mitigate the vulnerability and provides
generic workarounds for the rest while formal mitigation measures are developed.
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit this vulnerability to cause a denial-of-service
condition.
IRT Devices Advisory
This advisory
describes an improper input validation vulnerability in the Siemens Industrial
Real-Time (IRT) Devices. Siemens self-reported the vulnerability. Siemens has
new versions for many of the affected versions that mitigate the vulnerability
and provides generic workarounds for the rest while formal mitigation measures
are developed.
NCCIC-ICS reports that a relatively low-skilled attacker
could remotely exploit this vulnerability to cause a denial-of-service
condition.
Interpeak Update #1
This update
provides additional information on an advisory that was originally
published on October 1st, 2019 and last
updated on October 3rd, 2019. The new information includes:
• Updated mitigation information for Enea and Green
Hills Software; and
Interpeak Update #2
This update
provides additional information on an advisory that was originally
published on October 1st, 2019. The new information includes
updated mitigation information for Enea and Green Hills Software.
SIMATIC Update #1
This update
provides additional information on an advisory that was originally
published on July 11th, 2019 and last
updated on September 10th, 2019. The new information includes:
• Updated remediation for SIMATIC WinCC Runtime
Professional V15;
• Updated affected versions and mitigation
information for:
◦ SIMATIC WinCC Professional (TIA Portal V14); and
◦ SIMATIC WinCC Professional (TIA Portal V15)
SIMATIC Update #2
This update
provides additional information on an advisory that was originally
published on July 9th, 2019 and last
updated on September 10th, 2019. The new information includes:
• Updated remediation for SIMATIC WinCC Runtime
Professional V15;
• Updated affected versions and mitigation
information for:
◦ SIMATIC WinCC Professional (TIA Portal V14); and
◦ SIMATIC WinCC Professional (TIA Portal V15)
Industrial Products Update
This update
provides additional information on an advisory that was originally
published on November 8th, 2016 and last
updated on June 14th, 2018. The new information includes:
• Merged WinAC RTX 2010 SP2 and WinAC RTX F 2010 SP2
to SIMATIC WinAC RTX (F) 2010; and
• Added mitigation information for SIMATIC WinAC RTX
(F) 2010
Philips Update
This update
provides additional information on an advisory that was originally
published on May 3rd, 2018. The added information includes an
additional affected product that is out of support.
Other Siemens Advisories
There is still one advisory and two updates that Siemens published
on October 8th that have not been addressed by NCCIC-ICS. I will
report on those tomorrow.
Posts
No comments:
Post a Comment