For Part 2, we have three vendor advisories from Schneider Electric. We also have six vendor updates for products from Schneider (2) and Siemens (4).
Schneider Advisory #1 - Schneider published an
advisory describing two vulnerabilities in their Interactive Graphical
SCADA System (IGSS) data collector.
Schneider Advisory #2 - Schneider published an
advisory describing seven vulnerabilities in their EVlink City / Parking /
Smart Wallbox Charging Stations.
Schneider Advisory #3 - Schneider published an
advisory describing two separate input validation vulnerabilities in their EcoStruxure
Power Monitoring Expert product.
Schneider Update #1 - Schneider published an
update for their BadAlloc
advisory that was originally
published on November 9th, 2021 and most recently updated on November
17th, 2021.
Schneider Update #2 - Schneider published an
update for their Web Server on Modicon M580 Controllers that was originally
published on December 8th, 2020 and most
recently updated on May 11th, 2021.
Siemens Update #1 - Siemens published an update
for their NUCLEUS:13
advisory that was originally
published on November 9th, 2021.
NOTE: NCCIC-ICS did not update their advisory (ICSA-21-313-03)
to reflect this change.
Siemens Update #2 - Siemens published an update
for their SIMATIC NET CP Modules advisory that was originally
published on September 9th, 2021.
NOTE: NCCIC-ICS did not update their advisory (ICSA-21-257-06)
to reflect this change.
Siemens Update #3 - Siemens published an update
for their WIBU CodeMeter advisory that was originally
published on November 9th, 2021.
Siemens Update #4 - Siemens published an update for their OpenSSL vulnerabilities advisory that was originally reported on July 13th, 2021 and most recently updated on November 9th, 2021.
For more details on the advisories and updates, see my
article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-12-f8e
- subscription required.
Posts
No comments:
Post a Comment