Yesterday CISA NCCIC-ICS published 11 control system
security updates for products from Siemens (10) and Treck. They also published
a medical device security update for products from Baxter.
PROFINET Update #1
This update
provides additional information on an advisory that was originally
published on May 9th, 2017 and most
recently updated on October 8th, 2019. The new information includes
adding SIMATIC TDC CP51M1 and CPU555 to the list of affected products.
Industrial Products Update #1
This update
provides additional information on an advisory that was originally
published on December 5th, 2017 and most
recently updated on October 8th, 2019. The new information
includes adding SIMATIC TDC CP51M1 and CPU555 to the list of affected products.
SCALANCE Update
This update
provides additional information on an advisory that was originally
published on August 15th, 2019. The new information includes
adding mitigation links and updating affected version data for SCALANCE XB-200, XC-200, XP-200,XF-200BA and
XR-300WG.
PROFINET Update #2
This update
provides additional information on an advisory that was originally
published on October 10th, 2019 and most
recently updated on March 14th, 2020. The new information
includes adding SIMATIC TDC CP51M1 and
CPU555 to the list of affected products.
S7-1200 Update
This update
provides additional information on an advisory that was originally
published on November 14th 2019 and most recently updated on
December 10th, 2019. The new information includes mitigation links
and updated version information for SIMATIC S7-1200 and SIMATIC S7-200 SMART.
SIMATIC Update #1
This update
provides additional information on an advisory that was originally
published on February 11th, 2020 and most
recently updated on May 12th, 2020. The new information includes
mitigation links and updated version information for SIMATIC PCS 7 V9.0.
Industrial Products Update #2
This update
provides additional information on an advisory that was originally
published on February 11th, 2020. The new information includes
mitigation links and updated version information for IE/PB LINK PN IO.
SIMATIC Update #2
This update
provides additional information on an advisory that was originally
published on March 10th, 2020. The new information includes:
• Adding SIMATIC TDC CP51M1 and
SIMATIC TDC CPU555 to the list of affected products, and
• Adding mitigation links and
updated affected version information for SINUMERIK 840D sl.
SIMATIC Update #3
This update
provides additional information on an advisory that was originally
published on July 9th, 2020. The new information includes
mitigation links and updated version information for SIMATIC PCS 7 V9.0.
SIMATIC Update #4
This update
provides additional information on an advisory that was originally
published on July 9th, 2020. The new information includes mitigation
links and updated version information for:
• SIMATIC STEP 7 V13,
• SIMATIC STEP 7 V16,
• SIMATIC WinCC Runtime
Professional V13,
• SIMATIC WinCC Runtime
Professional V16, and
• SIMATIC WinCC Runtime Advanced
Treck Update
This update
provides additional information on an advisory that was was originally
published on June 16th, 2020 and most
recently updated on July 7th, 2020. The new information includes
links to vendor advisories from DIGI
International and Meile.
NOTE 1: I briefly
mentioned the Meile advisory last Saturday.
NOTE 2: NCCIC-ICS missed the Siemens' Treck related advisory,
more on that this weekend.
Baxter Update
This update
provides additional information on an advisory that was was originally
reported on June 18th, 2020 and most
recently updated on June 23rd, 2020. The new information includes
additional mitigation information for one version of Prismaflex.
Other Siemens Updates
There were two additional updated advisories published
yesterday by Siemens that were not addressed by NCCIC-ICS. I will look at
those on Saturday.
Posts
No comments:
Post a Comment