Yesterday the CISA NCCIC-ICS updated eleven control system security advisories for products from Siemens (9), dnsmasq by Simon Kelley, and Luxion.
PROFINET DCP Update
This update provides additional information on an advisory that was originally published on May 9th, 2017 and most recently updated on August 11th, 2020. The new information includes:
• Adding ecoPN model
(6ES7148-6JG00-0BB0) as not affected
• Adding MV400 to the affected
product list and providing mitigation measures, and
• Updating CWE classification for CVE-2017-2680 and CVE-2017-2681
Industrial Products Update
This update provides additional information on an advisory that was originally published on December 5th, 2017 and most recently updated on August 11th, 2020. The new information includes adding ecoPN model (6ES7148-6JG00-0BB0) as not affected.
SINEMA Update
This update provides additional information on an advisory that was originally published on April 9th, 2019. The new information includes adding CVE-2019-3823, the third-party (libcurl) heap out-of-bounds read vulnerability.
SIMATIC Update #1
This update provides additional information on an advisory that was originally published on June 11th, 2019. The new information includes adding mitigation measures for or MV400.
PROFINET-IO Stack Update
This update provides additional information on an advisory that was originally published on February 11th, 2020 and most recently updated on December 8th, 2020. The new information includes:
• Adding ecoPN model
(6ES7148-6JG00-0BB0) as not affected, and
• Adding mitigation information for MV400
NOTE: NCCIC-ICS provided the original publication date not the date of the last update in the Update Information.
KTK Update
This update provides additional information on an advisory that was originally published on April 14th, 2020 and most recently updated on May 12th, 2020. The new information includes adding Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (P) to the list of affected products.
SIMATIC Update #2
This update provides additional information on an advisory that was originally published on July 9th, 2020 and most recently updated on January 12th, 2021. The new information includes adding mitigation measures for:
• SINUMERIK ONE Virtual, and
• SINUMERIK Operate
NOTE: NCCIC-ICS missed the date of the previous update in the Update Information of this advisory, providing the one before instead.
UMC Stack Update
This update provides additional information on an advisory that was originally published on July 14th, 2020 and most recently updated on February 9th, 2021. The new information includes adding mitigation measures for SIMATIC IT Production Suite.
Embedded TCP/IP Stack Update
This update provides additional information on an advisory that was originally published on December 12th, 2020 and most recently updated on February 9th, 2021. The new information includes:
• Adding mitigation measures for SIRIUS
3RW5 communication module Modbus TCP, and
• Adding reference to additional AMNESIA:33 advisory (SSA-541018)
DNSMASQ Update
This update provides additional information on an advisory that was originally published on January 19th, 2021. The new information includes publishing a link to the Siemens advisory that was originally published on January 19th, 2021 and updated yesterday.
Luxion Update
This update provides additional information on an advisory that was originally published on February 4th, 2021. The new information includes adding a link to a Siemens advisory for products affected by this vulnerability.
NOTE: Note the Siemens advisory is one of the two unlisted advisories that I mentioned in the close of last night’s blog post.
Other Siemens Updates
Yesterday Siemens published
three other updates that were not covered by NCCIC-ICS yesterday. I will
discuss them this weekend.
Posts
No comments:
Post a Comment