Public ICS Disclosures – Week of 10-9-21 – Part 2

This week we have four vendor disclosures from Schneider and three updates from Siemens.

Schneider Advisory #1 - Schneider published an advisory describing an incorrect resource transfer between spheres vulnerability in their spaceLYnk, Wiser For KNX, and fellerLYnk products.

Schneider Advisory #2 - Schneider published an advisory describing an improper input validation vulnerability in their Modicon M218 Logic Controller product.

Schneider Advisory #3 - Schneider published an advisory describing 11 vulnerabilities in their Conext™ Advisor 2 and Conext™ Control V2 products.

Schneider Advisory #4 - Schneider published an advisory discussing the Amnesia:33 vulnerabilities in their Modicon TM5 modules.

Siemens Update #1 - Siemens published an update of their GNU/Linux advisory that was originally published in 2018 and most recently updated on September 14^th, 2021.

Siemens Update #2 - Siemens published an update of their Amnesia:33 advisory that was originally published on March 9^th, 2021 and most recently updated on August 10^th, 2021.

NOTE: NCCIC-ICS did not update their advisory (ICSA-21-068-06) for these vulnerabilities.

Siemens Update #3 - Siemens published an update of their FragAttacks advisory that was originally published on July 13^th, 2021.

For additional information on these disclosures, including links to 3^rd party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-10-d2a - subscription required.