Sunday, July 18, 2021

Review – Public ICS Disclosures – Week of 7-10-21 – Part 2

As has become typical for the weekend following the 2nd Tuesday, we have a Part 2 to cover the disclosures and updates from Schneider and Siemens that were not addressed by NCCIC-ICS.

Schneider advisory #1 - Schneider published an advisory describing three vulnerabilities in their Easergy T300 RTU.

Schneider advisory #2 - Schneider published an advisory describing a deserialization of untrusted data vulnerability in their SoSafe Configurable product.

Schneider advisory #3 - Schneider published an advisory describing a missing authentication for critical function vulnerability in their Easergy T200 RTU.

Schneider advisory #4 - Schneider published an advisory describing thirteen vulnerabilities in their EVlink City, Parking and Smart Wallbox products.

Siemens advisory #1 - Siemens published an advisory discussing two buffer over-read vulnerabilities in a number of their products that utilize the WIBU CodeMeter Runtime product.

Siemens advisory #2 - Siemens published an advisory discussing a null pointer dereference vulnerability in a number of their products that utilize OpenSSL.

Siemens advisory #3 - Siemens published an advisory discussing the FragAttacks WiFi vulnerabilities in their SCALANCE product line.

Schneider update #1 - Schneider published an update for their Ripple20 advisory that was originally published on June 23, 2020 and most recently updated on May 11th, 2021.

Schneider update #2 - Schneider published an update for their APC Ripple20 advisory that was originally published on June 23, 2020 and most recently updated on January 12th, 2021.

Schneider update #3 - Schneider published an update for their EcoStruxure advisory that was originally published on December 8th, 2020.

Schneider update #4 - Schneider published an update for their Triconex advisory that was originally published on May 11th, 2021.

Schneider update #5 - Schneider published an update for their Treck TCP/IPv6 advisory that was originally published on December 18th, 2020.

Schneider update #6 - Schneider published an update for their PLC Simulator advisory that was originally published on November 10th, 2020 and most recently updated on June 8th, 2021.

Siemens update - Siemens published an update for their GNU/Linux subsystem advisory that was originally published in 2018 and most recently updated on May 11th, 2021.

For a more detailed look at the advisories, including links to exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-part-2 - subscription required.
