Today, CISA’s NCCIC-ICS published seven control system security advisories for products from Schneider Electric, Emerson and Siemens (5). NCCIC-ICS also published 14 updates today, I will address them in a separate blog post.
Schneider Advisory - This advisory
describes thirteen vulnerabilities in the Schneider EcoStruxure, EcoStruxure
Process Expert, and SCADAPack RemoteConnect for x70.
Emerson Advisory - This advisory discusses
an OT:ICEFALL
vulnerability in the Emerson ROC800 remote automation controller.
SCALANCE Advisory - This advisory
describes three vulnerabilities in the Siemens SCALANCE products.
SICAM Advisory #1 - This advisory
describes a hard-coded credentials vulnerability in the Siemens SICAM TOOLBOX
II control and monitoring system.
SICAM Advisory #2 - This advisory
describes an improper access control vulnerability in the Siemens SICAM A8000
CP-8000, CP-8021, and CP-8022 remote terminal units.
Teamcenter Advisory - This advisory
describes two vulnerabilities in the Siemens Teamcenter product lifecycle
management software.
Simcenter Advisory - This advisory
describes an exposure of sensitive information to unauthorized actor
vulnerability in the Siemens Simcenter STAR-CCM+.
For more details about the advisories, including links to
researcher reports and a discussion about duplicate advisory, see my article at
CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/7-advisories-published-8-11-2
- subscription required.
Posts
No comments:
Post a Comment