Sunday, November 14, 2021

Review - Public ICS Disclosures – Week of 11-6-21 – Part 2

For Part 2 this week there was an unusual cybersecurity bulletin from Schneider. We also had six advisories from Siemens (1) and Schneider (5). Finally, there were nine updates from Siemens (6) and Schneider (3).

Schneider Bulletin - Schneider published a security bulletin announcing that there had been a number of attacks reported against KNX home and building automation systems.

Siemens Advisory - Siemens published an advisory discussing a denial-of-service vulnerability in multiple products.

Schneider Advisory #1 - Schneider published an advisory describing an improper check for exceptional or unusual conditions vulnerability in their SCADAPack 300E Series RTU products.

Schneider Advisory #2 - Schneider published an advisory describing an insufficient entropy vulnerability in their Software Update product.

Schneider Advisory #3 - Schneider published an advisory discussing the PrintNightmare vulnerabilities in their EcoStruxure Process Expert product.

Schneider Advisory #4 - Schneider published an advisory discussing the BadAlloc vulnerabilities in multiple products.

Schneider Advisory #5 - Schneider published an advisory for unenumerated vulnerabilities (with no CVE listings) in their TelevisAir V3.0 Dongle BTLE.

Siemens Update #1 - Siemens published an update for their NAME:WRECK advisory that was originally published on April 13th, 2021.

Siemens Update #2 - Siemens published an update for their Nucleus RTOS advisory that was originally published on February 9th, 2021.

Siemens Update #3 - Siemens published an update for their GNU/Linux advisory that was originally published in 2018 and most recently updated on October 12th, 2021.

Siemens Update #4 - Siemens published an update for their WIBU systems advisory that was originally published on July 13th, 2021 and most recently updated on September 14th, 2021.

Siemens Update #5 - Siemens published an update for their NAME:WRECK advisory that was originally published on April 13th, 2021.

Siemens Update #6 - Siemens published an update for their OpenSSL advisory that was originally reported on July 13th, 2021 and most recently updated on September 14th, 2021.

Schneider Update #1 - Schneider published an update for their ISaGRAF advisory that was originally published on June 8th, 2021 and most recently updated on September 14th, 2021.

Schneider Update #2 - Schneider published an update for their Ripple20 advisory that was originally published on June 23, 2020 and most recently updated on August 10th, 2021.

Schneider Update #3 - Schneider published an update for their Modicon Controllers advisory that was originally published on May 18th, 2019 and most recently updated on June 8th, 2021.

For more details on these bulletins, advisories and updates, including links to third-party advisories and exploits, see my article at - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-8ae - subscription required.
