Review - 10 Updates Published – 6-8-21

Yesterday CISA’s NCCIC-ICS published updates for ten control system security advisories for products from Rockwell and Siemens (9).

Rockwell Update

This update provides additional information on an advisory that was originally published on October 10^th, 2020. This was originally published on the restricted HSIN site, so in effect this is the original public posting for this advisory. This update describes five vulnerabilities in the Rockwell ISaGRAF5 Runtime product.

Siemens Updates

• PROFINET Update #1 - This update provides additional information on an advisory that was originally published on May 9th, 2017 and most recently updated on March 9^th, 2021.

• Industrial Products Update #1 - This update provides additional information on an advisory that was originally published on December 5^th, 2017 and most recently updated on March 9^th, 2021.

• PROFINET Update #2 - This update provides additional information on an advisory that was originally published on October 10^th, 2019 and most recently updated on September 9^th, 2020.

• SIMATIC Update #1 - This update provides additional information on an advisory that was originally published on September 8^th, 2021.

• Industrial Products Update #2 - This update provides additional information on an advisory that was originally published on September 8^th, 2020 and most recently updated on April 13^th, 2021.

• SIMATIC Update #2 - This update provides additional information on an advisory that was originally published on July 9^th, 2020 and most recently updated on March 9^th, 2021.

• SINAMICS Update - This update provides additional information on an advisory that was originally published on April 13^th, 2021.

• Linux Based Products Update - This update provides additional information on an advisory that was originally published on May 11^th, 2021.

NOTE: Siemens published two additional updates that I will discuss in my ICS Public Disclosures post this weekend.

For a more detailed look at these updates see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/10-updates-published-6-8-21.  Subscription required.