Today, CISA’s NCCIC-ICS published 6 control system security advisories for products from Siemens.
NOTE: They also published 12 updates for Siemens’ advisories. I will cover those in a separate post.
Spectrum Power Advisory - This advisory
describes a cross-site scripting vulnerability in the Siemens SINEMA Spectrum
Power 4.
SICAM Advisory - This advisory
describes a use of hard-coded credentials vulnerability in the Siemens SICAM
TOOLBOX II software platform.
SINEMA Advisory - This advisory
describes an open redirect vulnerability in the Siemens SINEMA Remote Connect
Server.
Simcenter Advisory - This advisory
describes 11 vulnerabilities in the Siemens Simcenter Femap advanced simulation
application.
WinCC and PCS Advisory - This advisory
describes two vulnerabilities in the Siemens SIMATIC WinCC and PCS.
NOTE: The Siemens
advisory reports that there are no fixes planned for the following products:
• SIMATIC PCS 7 V8.2 and earlier,
and
• SIMATIC PCS 7 V9.0:
Industrial Products Advisory - This advisory
describes three vulnerabilities in the Siemens SIMATIC Industrial Products. The
vulnerabilities were reported by Gao Jian.
Other Siemens Advisories - Siemens published
three other new advisories on Tuesday. I will be covering them this weekend.
For more details about these advisories, including links to
researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/6-advisories-published-2-10-22
- subscription required.
Posts
No comments:
Post a Comment