Review – 18 Advisories Published – 6-16-22

Today, CISA’s NCCIC-ICS published 17 control system security advisories for products from Siemens (14) and AutomationDirect (3). They also published a medical device security advisory for products from Hillrom. They also published 17 updates, but I will cover those in a separate post.

SINEMA Advisory #1 - This advisory describes 30 vulnerabilities (six with known exploits) in the Siemens SINEMA Remote Connect Server.

SINEMA Advisory #2 - This advisory describes two improperly implemented security check for standard in the Siemens SINEMA Remote Connect Server.

SCALANCE Advisory #1 - This advisory discusses the PwnKit vulnerability in the Siemens SCALANCE LPE 4903 and SINUMERIK Edge.

SCALANCE Advisory #2 - This advisory describes an improper validation of integrity check value in the Siemens SCALANCE XM-400 and XR-500 industrial switches.

SCALANCE Advisor #3 - This advisory discussing ten vulnerabilities (including three with known exploits) in the Siemens SCALANCE LPE9403.

Teamcenter Advisory #1 - This advisory describes a cross-site scripting vulnerability in the Siemens Teamcenter Active Workspace.

Teamcenter Advisory #2 - This advisory describes a use of hard-coded credentials vulnerability in the Siemens Teamcenter.

Industrial Products Advisory - This advisory discusses an infinite loop vulnerability in a large number of Siemens industrial products.

NOTE: It does not look like this advisory will be listing the ‘fixed’ products, we will have to watch the Siemens advisory for that. This may be a way for NCCIC-ICS to avoid having to do numerous updates to this advisory.

Spectrum Power Advisory - This advisory describes a use of hard-coded credentials vulnerability in the Siemens Spectrum Power SCADA, data modeling and monitoring system.

Xpedition Designer - This advisory describes an incorrect permission assignment vulnerability in the Siemens Xpedition Designer design flow products.

SICAM Advisory - This advisory describes three vulnerabilities in the Siemens SICAM GridEdge Essential ARM.

Apache Server Advisory - This advisory discusses three vulnerabilities in the Siemens Apache HTTP Server.

EN100 Advisory - This advisory describes an improper restriction of operations within the bounds of a memory buffer in the Siemens EN100 Ethernet Module.

Mendix Advisory - This advisory describes two vulnerabilities in the Siemens Mendix SAML Modules.

AutomationDirect Advisory #1 - This advisory describes two vulnerabilities in the AutomationDirect DirectLOGIC with Ethernet Communication Modules.

AutomationDirect Advisory #2 - This advisory describes a cleartext transmission of sensitive information vulnerability AutomationDirect DirectLOGIC with Serial Communication.

AutomationDirect Advisory #3 - This advisory describes two vulnerabilities in the AutomationDirect C-more EA9 industrial touch screen HMI.

Hillrom Advisory - This advisory describes two vulnerabilities in the Hillrom Welch Allyn ELI medical devices.

 

For more details on these advisories, including links to researcher reports, third-party advisories, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/18-advisories-published-6-16-22 - subscription required.