Today CISA’s NCCIC-ICS published nine control system security advisories for products from Siemens. They also published nine advisory updates; I will address them separately.
SIMATIC Advisory - This advisory describes an improper authentication vulnerability in the Siemens SIMATIC S7-1200 Devices.
Solid Edge Advisory - This advisory describes three vulnerabilities in the Siemens Solid Edge products.
SIMATIC Net Advisory - This advisory describes two vulnerabilities in the Siemens SIMATIC products.
Energy Solutions Advisory - This advisory describes an out-of-bounds write vulnerability in the Siemens Energy SGT Solutions.
Industrial Products Advisory - This advisory describes twelve instances of a missing encryption of sensitive data vulnerability in the Siemens SIMATIC and SINUMERIK products.
SINEC Advisory - This advisory describes an OS command injection vulnerability in the Siemens SINEC NMS.
JT2Go Advisory #1 - This advisory describes three vulnerabilities in the Siemens JT2Go and Teamcenter Visualization products.
Automation License Advisory - This advisory describes an uncontrolled resource consumption vulnerability in the Siemens Automation License Manager.
JT2Go Advisory #2 - This advisory describes seven vulnerabilities in the Siemens JT2Go and Teamcenter Visualization products.
Another Siemens Advisory - Siemens published one other advisory today. If NCCIC-ICS does not cover it on Thursday, it will be covered here this weekend.
For more details on these advisories, including links to the underlying third-party advisories and links to proof-of-concept code, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/9-advisories-published - subscription required.