Today, CISA’s NCCIC-ICS published seven control system security advisories for products from Siemens (4), Siemens Electric, and Mitsubishi (2). They also published three updates for products from Mistusbishi, Siemens, and Trane.
SICAM Advisory #1 - This advisory
describes an unquoted search path or element vulnerability in their SICAM PQ
Analyzer.
SICAM Advisory #2 - This advisory
describes two vulnerabilities in the Siemens SICAM A8000.
COMOS Advisory - This advisory
describes four vulnerabilities in the Siemens COMOS Web unified data platform.
SIPROTEC Advisory - This advisory
describes an improper input validation vulnerability in the SIPROTEC 5 products.
Siemens Energy Advisory - This advisory discusses
six of the NUCLEUS:13 vulnerabilities
in the Siemens Electric PLUSCONTROL gen 1 products.
MELSEC-F Advisory #1 - This advisory
describes an improper initialization vulnerability in the Mitsubishi MELSEC-F
Series with FX3U-ENET Ethernet-Internet block.
MELSEC-F Advisory #2 - This advisory
describes a lack of administrative control over security vulnerability in the
Mitsubishi MELSEC-F Series with FX3U-ENET Ethernet-Internet block.
Mitsubishi Update - This update
provides additional information on an advisory that was originally
published on October 29th, 2020 and most
recently updated on May 18th, 2021.
Siemens Update - This update
provides additional information on an advisory that was originally
published on April 14th, 2021.
NOTE: Siemens published
an update for their version
of this advisory on November 9th, 2021.
Trane Update - This update
provides additional information on an advisory that was originally published on
September 23rd, 2021.
Other Siemens Updates - Siemens published six other updates yesterday that have not been covered by NCCIC-ICS. I will be covering them this weekend.
For more details on these advisories see my article at CFSN
Detailed Analysis - https://patrickcoyle.substack.com/p/7-advisories-and-3-updates-published
- subscription required.
Posts
No comments:
Post a Comment