Thursday, November 11, 2021

Review - 13 Advisories Published – 11-11-21

Today, CISA’s NCCIC-ICS published 13 control system security advisories for products from Siemens (11), multiple data distribution system (DDS) implementations, and WECON. They also published five updates which I will address in a separate post.

Siemens published one other advisory Tuesday that I will cover this weekend.

Siveillance Advisory - This advisory discusses a path traversal vulnerability in the Siemens Siveillance Video DLNA Server.

NX JT Advisory - This advisory describes two vulnerabilities in the Siemens NX 1980 Series design software products.

SIMATIC Advisory #1 - This advisory describes three vulnerabilities in the Siemens SIMATIC RTLS Locating Manager.

SENTRON Advisory - This advisory describes an incorrect permission assignment for critical function vulnerability in the Siemens SENTRON power manager.

Climatix Advisory - This advisory describes a missing encryption of sensitive data vulnerability in the Siemens Climatix POL909 advanced web module.

NX OBJ Advisory - This advisory describes two vulnerabilities in the Siemens NX products.

Nucleus RTOS Advisory - This advisory discusses 13 vulnerabilities in the Siemens APOGEE and TALON Products.

SCALANCE Advisory - This advisory describes six vulnerabilities in the SCALANCE W1750D.

Mendix Studio Advisory - This advisory describes two incorrect authorization vulnerabilities in the Siemens Mendix Studio Pro.

Mendix Advisory - This advisory describes a use of web browser cache containing sensitive information vulnerability in Mendix Applications.

SIMATIC Advisory #2 - This advisory describes three vulnerabilities in the Siemens SIMATIC WinCC.

Multiple DDS Advisory - This advisory describes 13 vulnerabilities in Object Management Group (OMG) Data-Distribution Service (DDS) implementations from Eclipse, eProsima, GurumNetworks, Object Computing, Inc. (OCI), Real-Time Innovations (RTI), and TwinOaks Computing.

WECON Advisory - This advisory describes two vulnerabilities in the WECON PLC Editor ladder logic software.

For more details about these advisories, including links to researcher reports and 3rd party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/13-advisories-published-11-11-21 - subscription required.
