Thursday, February 10, 2022

Review – 6 Advisories Published – 2-10-22

Today, CISA’s NCCIC-ICS published 6 control system security advisories for products from Siemens.

NOTE: They also published 12 updates for Siemens’ advisories. I will cover those in a separate post.

Spectrum Power Advisory - This advisory describes a cross-site scripting vulnerability in the Siemens SINEMA Spectrum Power 4.

SICAM Advisory - This advisory describes a use of hard-coded credentials vulnerability in the Siemens SICAM TOOLBOX II software platform.

SINEMA Advisory - This advisory describes an open redirect vulnerability in the Siemens SINEMA Remote Connect Server.

Simcenter Advisory - This advisory describes 11 vulnerabilities in the Siemens Simcenter Femap advanced simulation application.

WinCC and PCS Advisory - This advisory describes two vulnerabilities in the Siemens SIMATIC WinCC and PCS.

NOTE: The Siemens advisory reports that there are no fixes planned for the following products:

• SIMATIC PCS 7 V8.2 and earlier, and


Industrial Products Advisory - This advisory describes three vulnerabilities in the Siemens SIMATIC Industrial Products. The vulnerabilities were reported by Gao Jian.

Other Siemens Advisories - Siemens published three other new advisories on Tuesday. I will be covering them this weekend.


For more details about these advisories, including links to researcher reports, see my article at CFSN Detailed Analysis - - subscription required.

No comments:

/* Use this with templates/template-twocol.html */