Review – Public ICS Disclosures – Week of 6-11-22 – Part 3

Finally, for Part 3 we have 16 vendor updates from Schneider (4) and Siemens (12).

Schneider Update #1 - Schneider published an update for their BadAlloc advisory that was originally published on November 9^th, 2021 and most recently updated on May 10^th, 2022.

Schneider Update #2 - Schneider published an update for their Rapsody advisory that was originally published on January 12^th, 2021.

NOTE: NCCIC-ICS has not updated their version of this advisory (ICSA-21-012-01).

Schneider Update #3 - Schneider published an update for their EcoStructure advisory that was originally published on March 14^th, 2022.

Schneider Update #4 - Schneider published an update for their APC Smart UPS advisory that was originally published on March 8^th, 2022 and most recently updated on May 10^th, 2022.

Siemens Update #1 - Siemens published an update for their SNMP advisory that was originally published on February 11^th, 2020 and most recently updated on April 12^th, 2022.

NOTE: NCCIC-ICS has not updated their advisory (ICSA-20-042-06) for this change.

Siemens Update #2 - Siemens published an update for their OpenSSL advisory that was originally published on April 14^th, 2014 and most recently updated on May 12^th, 2022.

NOTE: NCCIC-ICS has not updated their advisory (ICSA-22-104-05) for this change.

Siemens Update #3 - Siemens published an update for their Log4Shell advisory that was originally published on December 13^th, 2021 and most recently updated on May 10^th, 2022.

Siemens Update #4 - Siemens published an update for their Industrial Products advisory that was originally published on March 20^th, 2018 and most recently updated on October 8^th, 2019.

NOTE: NCCIC-ICS has not updated their advisory (ICSA-18-079-02) to reflect this change.

Siemens Update #5 - Siemens published an update for their SIMATIC advisory that was  originally published on September 9^th, 2021 and most recently updated on December 14^th, 2021.

Siemens Update #6 - Siemens published an update for their SIMATIC Net CP advisory that was originally published on March 8^th, 2022 and most recently updated on April 12^th, 2022.

Siemens Update #7 - Siemens published an update for their Industrial Products advisory that was originally published on December 10th, 2019 and most recently updated on February 8^th, 2022.

Siemens Update #8 - Siemens published an update for their  TCP SACK PANIC advisory that was originally published on September 10^th, 2019 and most recently updated on May 10^th, 2022.

NOTE: NCCIC-ICS has not updated their advisory (ICSA-19-253-03) for this information.

Siemens Update #9 - Siemens published an update for their GNU/Linux advisory that was  originally published in 2018 and most recently updated on May 10^th, 2022.

NOTE: NCCIC-ICS did not update their advisory (ICSA-22-104-13) for this information.

Siemens Update #10 - Siemens published an update for their SpringShell advisory that was originally published on April 19^th, 2022 and most recently updated on April 27^th, 2022.

Siemens Update #11 - Siemens published an update for their OpenSSL advisory that was originally reported on July 13^th, 2021 and most recently updated on May 10^th, 2022.

Siemens Update #12 - Siemens published an update for their SegmentSmack advisory that was originally published on April 14^th, 2020 and most recently updated on May 12^th, 2022.

NOTE: NCCIC-ICS did not update their advisory (ICSA-20-105-07) for this information.

 

For more information on these updates, including links to 3^rd party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-6-b77 - subscription required.