Review – 1 Advisory and 11 Updates Published – 2-10-22

Yesterday, CISA’s NCCIC-ICS updated 11 control system security advisories for products from Siemens. There was also a 7^th advisory published yesterday which I missed because it was buried in the list of updates.

Solid Edge Advisory - This advisory describes five vulnerabilities in the Siemens Solid Edge, JT2Go, and Teamcenter Visualization products.

PROFINET Update - This update provides additional information on an advisory that was originally published on May 9th, 2017 and most recently updated on October 14^th, 2021.

NOTE: The Siemens Advisory also announced that no remediation was planned for SIMATIC CP 443-1 OPC UA

SCALANCE X Update #1 - This update provides additional information on an advisory that was originally published on August 13^th, 2019 and most recently updated on September 14^th, 2021.

NOTE: The Siemens Advisory also announces that there is no fix planned for the newly added SCALANCE X204RNA products.

SCALANCE X Update #2 - This update provides additional information on an advisory that was originally published on January 14^th, 2020.

NOTE: The Siemens Advisory also announces that there is no fix planned for the newly added SCALANCE X204RNA products.

Industrial Products Update #1 - This update provides additional information on an advisory that was originally published on February 11^th, 2020 and most recently updated on April 13^th, 2021.

NOTE: The Siemens Advisory also notes that no remediations are planned for SIMATIC CP 443-1 OPC UA, SIMATIC CP 343-1 Advanced, and SIPLUS NET CP 343-1 Advanced.

Industrial Products Update #2 - This update provides additional information on an advisory that was originally published on August 10^th, 2021.

SCALANCE Update - This update provides additional information on an advisory that was originally published on April 14^th, 2020 and most recently updated on September 14^th, 2021.

TCP/IP Stack Update - This update provides additional information on an advisory that was originally published on March 9^th, 2021 and most recently updated on August 10^th, 2021.

LOGO! Update - This update provides additional information on an advisory that was originally published on September 14^th, 2021.

SIMATIC Update - This update provides additional information on an advisory that was originally published on November 11^th, 2021.

Healthineers Update - This update provides additional information on an advisory that was originally published on December 16^th, 2021.

COMOS Update - This update provides additional information on an advisory that was originally published on January 13^th, 2022

NOTE: The Siemens Advisory also notes that there are no plans to develop mitigation measures for versions 10.2 or 10.3.3.2.14 or later.

Other Siemens Updates - Siemens published 31 additional advisories on Tuesday. I will cover those this weekend.

 

For additional information on this updates, see my article at CSFN Detailed Analysis - https://patrickcoyle.substack.com/p/1-advisory-and-11-updates-published - subscription required.