Wednesday, May 12, 2021

6 Updates Published – 5-11-21

Yesterday CISA’s NCCIC-ICS published six updates for control system security advisories for products from Siemens (5) and Mitsubishi

Industrial Products Update

This update provides additional information on an advisory that was originally published on September 10th, 2019 [Corrected link and date - 7-14-21 7:33 EDT] and most recently updated on April 13th, 2021. The new information includes adding the following new affected products:

• TIM 3V-IE,

• TIM 3V-IE Advanced,

• TIM 3V-IE DNP3,

• TIM 4R-IE, and

• TIM 4R-IE DNP3

TightVNC Update

This update provides additional information on an advisory that was originally published on December 8th, 2020. Siemens revoked their underlying advisory; NCCIC-ICS update removes all of the affected products from their advisory. The original Kaspersky report did not mention Siemens products.

SIMARIS Update

This update provides additional information on an advisory that was originally published on February 9th, 2021. The new information includes:

• Updating affected product versions, and

• Providing mitigation measures.

SCALALNCE Update  

This update provides additional information on an advisory that was originally published on March 9th, 2021. The new information includes adding SIMATIC CP343-1 Advanced (incl. SIPLUS variants) to the list of affected products.

NOTE: NCCIC-ICS has still not added a reference/link to the current Siemens advisory (SSA-936080) for this vulnerability.

TCP/IP Stack Update

This update provides additional information on an advisory that was originally published on March 9th, 2021. The new information includes adding link of update version for SENTRON PAC3220.

Mitsubishi Update

This update provides additional information on an advisory that was originally published on December 8th, 2020. The new information includes:

• Adding re-boot information to ‘Risk Evaluation’,

• Updating affected version information,

• Adding mitigation information.

NOTE: NCCIC-ICS provided an incorrect date for the original version.

Other Updates

Siemens published to additional updates yesterday that NCCIC-ICS will not specifically address. I will discuss them this weekend.

Posted by at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
 
/* Use this with templates/template-twocol.html */