Today, CISA’s NCCIC-ICS published two control system security advisories for products from Schneider and Siemens. The respective company advisories for these two NCCIC-ICS advisories were published on Tuesday, so I will not now need to discuss these this weekend with the remainder of the advisories and updates these companies published that were not covered by NCCIC-ICS.
Schneider Advisory - This advisory
describes a path traversal vulnerability in the Schneider EcoStruxure Control
Expert, EcoStruxure Process Expert, SCADAPack RemoteConnect for x70 products.
Siemens Advisory - This advisory describes three vulnerabilities in the Siemens RUGGEDCOM ROX switches.
For more details on these two advisories, including information on an incorrect CVE number, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/2-advisories-published-9-16-21 - subscription required.
No comments:
Post a Comment