Wednesday, February 10, 2021

12 Updates Published – 2-9-21

Yesterday CISA’s NCCIC-ICS updated twelve control system security advisories for products from Siemens.

SCALANCE Update #1

This update provides additional information on an advisory that was originally published on June 11th, 2019 and most recently updated on January 14th, 2020. The new information includes updating affected version and mitigation measures for SCALANCE X-200IRT switch family.

SCALANCE Update #2

This update provides additional information on an advisory that was originally published on August 13th, 2019 and most recently updated on August 20th, 2019. The new information includes updating affected version and mitigation measures for SCALANCE X-200IRT switch family.

IRT Devices Update

This update provides additional information on an advisory that was originally published on October 10th, 2019 and most recently updated on August 11th, 2020. The new information includes adding SIMATIC ET200ecoPN model (6ES7148-6JG00-0BB0) as not affected.

Industrial Products Update #1

This update provides additional information on an advisory that was originally published on February 11th, 2020 and most recently updated on August 11th, 2020. The new information includes updating affected version information and mitigation measures for SIMATIC NET CP 1626.

SCALANCE Update #3

This update provides additional information on an advisory that was originally published on April 14th, 2020 and most recently updated on September 8th, 2020. The new information includes updating affected version and mitigation measures for SCALANCE X-200IRT switch family.

Climatix Update

This update provides additional information on an advisory that was originally published on April 14th, 2020. The new information includes updating affected version information and mitigation measures for POL909 (AWM Module).

UMC Stack Update

This update provides additional information on an advisory that was originally published on July 14th, 2020 and most recently updated on December 8th, 2020. The new information includes updating affected version information and mitigation measures for:

• SIMOCODE ES V15, and

• Soft Starter ES V15

Industrial Products Update #2

This update provides additional information on an advisory that was originally published on September 8th, 2020 and most recently updated on December 8th, 2020. The new information includes updating affected version information and mitigation measures for:

• SIMATIC Field PG M5, and

• SIMATIC Field PG M6

Amnesia33 Stack Update

This update provides additional information on an advisory that was originally published on December 12th, 2020. The new information includes adding the following affected SENTRON products:

• PAC2200,

• PAC3200T,

• 3VA COM100/800, and

• 3VA DSP800)

SCALANCE Update #4

This update provides additional information on an advisory that was originally published on January 12th, 2021. The new information includes updating affected version and mitigation measures for SCALANCE X-200IRT switch family.

JT2Go Update

This update provides additional information on an advisory that was originally published on January 12th, 2021. The new information includes adding mitigation measures for three of the reported CVE’s:

• CVE-2020-26989,

• CVE-2020-26990, and

• CVE-2020-26991

SCALANCE Update #5

This update provides additional information on an advisory that was originally published on January 12th, 2021. The new information includes updating affected version and mitigation measures for SCALANCE X-200IRT switch family.

Other Siemens Updates

Siemens published four additional advisory updates that were not addressed yesterday by NCCIC-ICS. I will report on those this weekend.

No comments:

 
/* Use this with templates/template-twocol.html */