For Part 2 we have 36 vendor updates from BD (3), CONTEC, HP,
Schneider (7), and Siemens (24).
BD Update #1 - BD published an
update for their BD Alaris™ 8015 PC Unit advisory that was originally
published on November 12th, 2022, and most recently updated on
March 15th, 2021.
NOTE: NCCIC-ICS did not update their advisory (ICSMA-20-317-01)
for this information.
BD Update #2 - BD published an
update for their Interpeak IPNET TCP IP stack that was originally
published on October 1st, 2019.
BD Update #3 - BD published an update for their Alaris
PC Unit PCU model 8015 advisory that was originally
published on February 7th, 2017 and most
recently updated on March 16th, 2021.
NOTE: NCCIC-ICS did not update their advisory (ICSMA-17-017-02)
for this information.
CONTEC Update - JP-CERT published an update for the
CONTEC Solar View Compact advisory that was originally
published on July 27th, 2022.
HP Update - HP published an
update for their Security Manager and Web Jetadmin advisory that was
originally published on January 31st, 2022 and most recently updated
on May 3rd, 2022.
Schneider Update #1 - Schneider published an
update for their Log4Shell Advisory.
Schneider Update #2 - Schneider published an
update for their Embedded FTP Servers advisory that was originally
published on March 22nd, 2018 and most
recently updated on April 12th, 2022.
Schneider Update #3 - Schneider published an
update for their Modicon Controllers advisory that was originally
published on September 26th, 2019 and most recently updated on
April 15th, 2021.
Schneider Update #4 - Schneider published an
update for their EcoStruxure Control Expert advisory that was originally
published on July 13th, 2021 and most
recently updated on July 12th, 2022.
Schneider Update #5 - Schneider published an
update for their Modicon PAC Controllers advisory that was originally
published on August 10th, 2021.
Schneider Update #6 - Schneider published an
update for their BadAlloc advisory
that was originally
published on November 9th, 2021 and most
recently updated on June 15th, 2022.
Schneider Update #7 - Schneider published an
update for their OPC UA and X80 Advanced RTU advisory that was originally
published on July 12th, 2022.
Siemens Update #1 - Siemens published an update
for their UMC Component advisory that was originally
published on July 14th, 2020 and most
recently updated on July 13th, 2021
NCCIC-ICS did not update their advisory (ICSA-20-196-05)
for this information.
Siemens Update #2 - Siemens published an update
for their OpenSSL advisory that was originally
published on April 14th, 2014 and most
recently updated on June 14th, 2022.
Siemens Update #3 - Siemens published an update
for their RUGGEDCOM advisory that was originally
published on March 10th, 2022 and most
recently updated on June 14th, 2022.
NOTE: NCCIC-ICS did not update their advisory (ICSA-22-069-01)
for this information.
Siemens Update #4 - Siemens published an update
for their Libcurl advisory that was originally
published on May 12th, 2022, and most
recently updated on June 14th, 2022.
NOTE: NCCIC-ICS did update their advisory (ICSA-22-132-13)
but did not list the update on their advisory page,
so I did not cover it on Friday.
Siemens Update #5 - Siemens published an update
for their SIMATIC WinCC advisory that was originally
published on February 10th, 2022 and most
recently updated on May 10th, 2022.
NOTE: NCCIC-ICS did update their advisory (ICSA-22-041-02)
but did not list the update on their advisory page,
so I did not cover it on Friday.
Siemens Update #6 - Siemens published an update
for their OpenSSL advisory that was originally
published on June 16th, 2022 and most
recently updated on July 12th, 2022.
NOTE: NCCIC-ICS did not update their advisory (ICSA-22-167-14)
for this information.
Siemens Update #7 - Siemens published an update
for their Log4Shell advisory.
Siemens Update #8 - Siemens published an update
for their SIMATIC advisory that was originally
published on July 13th, 2021 and most
recently updated on July 14th, 2022
NOTE: NCCIC-ICS did update their advisory (ICSA-21-194-06)
but did not list the update on their advisory page,
so I did not cover it on Friday.
Siemens Update #9 - Siemens published an update
for their Industrial Products advisory that was originally
published on March 20th, 2018 and most
recently updated on June 14th, 2022.
Siemens Update #10 - Siemens published an update
for their Wibu CodeMeter advisory that was originally
published on November 9th, 2021 an most
recently updated on January 11th, 2022.
Siemens Update #11 - Siemens published an update
for their SIMATIC advisory that was originally
published on July 12th, 2022.
NCCIC-ICS did not update their advisory (ICSA-22-195-15)
for this information.
Siemens Update #12 - Siemens published an update
for their SIMATIC NET CP advisory that was originally
published on March 8th, 2022 and most
recently updated on June 14th, 2022.
Siemens Update #13 - Siemens published an update
for their SIMATIC S7-300 advisory that was originally
published on November 10th, 2020 and most
recently updated on August 10th, 2021.
NCCIC-ICS did not update their advisory (ICSA-20-315-04)
for this information.
Siemens Update #14 - Siemens published an update
for their Industrial Products advisory that originally
published on December 10th, 2019 and most
recently updated on June 14th, 2022.
Siemens Update #15 - Siemens published an update
for their PROFINET advisory that was originally
published on October 10th, 2019 and most
recently updated on February 8th, 2022.
Siemens Update #16 - Siemens published an update
for their PROFINET advisory that was originally
published on April 14th, 2022 and most
recently updated on July 12th, 2022.
NOTE: NCCIC-ICS did update their advisory (ICSA-22-104-06)
but did not list the update on their advisory page,
so I did not cover it on Friday.
Siemens Update #17 - Siemens published an update
for their GNU/Linux advisory that was originally
published in 2018 and most
recently updated on July 12th, 2022.
Siemens Update #18 - Siemens published an update
for their SIMATIC S7 CPU advisory that was originally
published on February 11th, 2020 and most
recently updated on April 14th, 2020.
Note: NCCIC-ICS did not update their advisory (ICSA-20-042-05)
for this information.
Siemens Update #19 - Siemens published an update
for their JT2Go and Teamcenter advisory that was originally
published on July 12th, 2022.
Siemens Update #20 - Siemens published an update
for their Insyde Bios advisory that was originally
published on February 22nd, 2022 and most
recently updated on July 12th, 2022.
Siemens Update #21 - Siemens published an update
for their OPC UA advisory that was originally
published on May 12th, 2022 and most
recently updated on July 12th, 2022.
Siemens Update #22 - Siemens published an update
for their OpenSSL advisory that was originally
reported on July 13th, 2021 and most
recently updated on July 12th, 2022.
Siemens Update #23 - Siemens published an update
for their SIMATIC S7-1200 advisory that was originally
published on December 10th, 2019, and most recently updated on
March 12th, 2020.
NOTE: NCCIC-ICS did update their advisory (ICSA-19-344-06)
but did not list the update on their advisory page,
so I did not cover it on Friday.
Siemens Update #24 - Siemens published an update
for their SIMATIC S7-400 advisory that was originally
published on November 13th, 2018, and most recently updated on
February 10th, 2020
NOTE: NCCIC-ICS did not update their advisory (ICSA-18-317-02)
for this information.
For more details about these updates, including summary of
changes made, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-8-0ca
- subscription required.