Thursday, August 11, 2022

Review – 7 Advisories Published – 8-11-22

Today, CISA’s NCCIC-ICS published seven control system security advisories for products from Schneider Electric, Emerson and Siemens (5). NCCIC-ICS also published 14 updates today, I will address them in a separate blog post.

Schneider Advisory - This advisory describes thirteen vulnerabilities in the Schneider EcoStruxure, EcoStruxure Process Expert, and SCADAPack RemoteConnect for x70.

Emerson Advisory - This advisory discusses an OT:ICEFALL vulnerability in the Emerson ROC800 remote automation controller.

SCALANCE Advisory - This advisory describes three vulnerabilities in the Siemens SCALANCE products.

SICAM Advisory #1 - This advisory describes a hard-coded credentials vulnerability in the Siemens SICAM TOOLBOX II control and monitoring system.

SICAM Advisory #2 - This advisory describes an improper access control vulnerability in the Siemens SICAM A8000 CP-8000, CP-8021, and CP-8022 remote terminal units.

Teamcenter Advisory - This advisory describes two vulnerabilities in the Siemens Teamcenter product lifecycle management software.

Simcenter Advisory - This advisory describes an exposure of sensitive information to unauthorized actor vulnerability in the Siemens Simcenter STAR-CCM+.


For more details about the advisories, including links to researcher reports and a discussion about duplicate advisory, see my article at CFSN Detailed Analysis - - subscription required.

No comments:

/* Use this with templates/template-twocol.html */