Wednesday, January 13, 2021

7 Updates Published – 1-12-21

Yesterday CISA’s NCCIC-ICS published seven updates for control system security advisories for products from Siemens.

PROFINET Update

This update provides additional information on an advisory that was originally published on October 10th, 2019 and most recently updated on September 8th, 2020. The new information includes:

• Updating affected version information and adding mitigation measures for or SIMATIC ET200SP IM155-6 PN HA, and

• Listing ecoPN model (6ES7148-6JG00-0BB0) as not affected.

TIA Portal Update

This update provides additional information on an advisory that was originally published on January 14th, 2020 and most recently updated on April 14th, 2020. The new information includes updating affected version information and adding mitigation measures for TIA Portal V14.

Simatic PCS 7 Update

This update provides additional information on an advisory that was originally published on February 11th, 2020 and most recently updated on September 8th, 2020. The new information includes adding mitigation measures for SIMATIC WinCC (TIA Portal) V14.

SCALANCE Update

This update provides additional information on an advisory that was originally published on April 14th, 2020 and most recently updated on September 8th, 2020. The new information includes removing the SCALANCE S-600 family as it is not affected.

SIMOTICS Update

This update provides additional information on an advisory that was originally published on April 14th, 2020. The new information includes updating affected versions and adding mitigation measures for:

• Desigo PXC, and

• Desigo PXM20

SIMATIC Update

This update provides additional information on an advisory that was originally published on July 9th, 2020 and most recently updated on December 8th, 2020. The new information includes updating affected versions and adding mitigation measures for:

• SIMATIC STEP 7 (TIA Portal) V14, and

• SIMATIC WinCC Runtime Professional V14

Opcenter Update

This update provides additional information on an advisory that was originally published on July 14th, 2020 and most recently updated on August 11th, 2020. Then new information includes:

• Adding an insufficiently protected credentials vulnerability - CVE-2020-28390, and

• Updating mitigation measures

 

Additional Siemens Advisory

 

Siemens published one additional advisory that was not addressed by NCCIC-ICS yesterday. I will address that this weekend.

No comments:

 
/* Use this with templates/template-twocol.html */