Tuesday, August 10, 2021

Review - 9 Advisories Published – 8-10-21

Today CISA’s NCCIC-ICS published nine control system security advisories for products from Siemens. They also published nine advisory updates; I will address them separately.


SIMATIC Advisory - This advisory describes an improper authentication vulnerability in the Siemens SIMATIC S7-1200 Devices.

Solid Edge Advisory - This advisory describes three vulnerabilities in the Siemens Solid Edge products.

SIMATIC Net Advisory - This advisory describes two vulnerabilities in the Siemens SIMATIC products.

Energy Solutions Advisory - This advisory describes an out-of-bounds write vulnerability in the Siemens Energy SGT Solutions.

Industrial Products Advisory - This advisory describes twelve instances of a missing encryption of sensitive data vulnerability in the Siemens SIMATIC and SINUMERIK products.

SINEC Advisory - This advisory describes an OS command injection vulnerability in the Siemens SINEC NMS.

JT2Go Advisory #1 - This advisory describes three vulnerabilities in the Siemens JT2Go and Teamcenter Visualization products.

Automation License Advisory - This advisory describes an uncontrolled resource consumption vulnerability in the Siemens Automation License Manager.

JT2Go Advisory #2 - This advisory describes seven vulnerabilities in the Siemens JT2Go and Teamcenter Visualization products.

Another Siemens Advisory - Siemens published one other advisory today. If NCCIC-ICS does not cover that advisory on Thursday, it will be covered here this weekend.


For more details on these advisories, including links to the underlying third-party advisories and links to proof-of-concept code, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/9-advisories-published - subscription required.
