Review – Public ICS Disclosures – Week of 8-6-22 – Part 2

For Part 2 we have 36 vendor updates from BD (3), CONTEC, HP, Schneider (7), and Siemens (24).

BD Update #1 - BD published an update for their BD Alaris™ 8015 PC Unit advisory that was originally published on November 12^th, 2022, and most recently updated on March 15^th, 2021.

NOTE: NCCIC-ICS did not update their advisory (ICSMA-20-317-01) for this information.

BD Update #2 - BD published an update for their Interpeak IPNET TCP IP stack that was originally published on October 1^st, 2019.

BD Update #3 - BD published an update for their Alaris PC Unit PCU model 8015 advisory that was originally published on February 7^th, 2017 and most recently updated on March 16^th, 2021.

NOTE: NCCIC-ICS did not update their advisory (ICSMA-17-017-02) for this information.

CONTEC Update - JP-CERT published an update for the CONTEC Solar View Compact advisory that was originally published on July 27^th, 2022.

HP Update - HP published an update for their Security Manager and Web Jetadmin advisory that was originally published on January 31^st, 2022 and most recently updated on May 3^rd, 2022.

Schneider Update #1 - Schneider published an update for their Log4Shell Advisory.

Schneider Update #2 - Schneider published an update for their Embedded FTP Servers advisory that was originally published on March 22^nd, 2018 and most recently updated on April 12^th, 2022.

Schneider Update #3 - Schneider published an update for their Modicon Controllers advisory that was originally published on September 26^th, 2019 and most recently updated on April 15^th, 2021.

Schneider Update #4 - Schneider published an update for their EcoStruxure Control Expert advisory that was originally published on July 13^th, 2021 and most recently updated on July 12^th, 2022.

Schneider Update #5 - Schneider published an update for their Modicon PAC Controllers advisory that was originally published on August 10^th, 2021.

Schneider Update #6 - Schneider published an update for their BadAlloc advisory that was originally published on November 9^th, 2021 and most recently updated on June 15^th, 2022.

Schneider Update #7 - Schneider published an update for their OPC UA and X80 Advanced RTU advisory that was originally published on July 12^th, 2022.

Siemens Update #1 - Siemens published an update for their UMC Component advisory that was originally published on July 14^th, 2020 and most recently updated on July 13^th, 2021

NCCIC-ICS did not update their advisory (ICSA-20-196-05) for this information.

Siemens Update #2 - Siemens published an update for their OpenSSL advisory that was originally published on April 14^th, 2014 and most recently updated on June 14^th, 2022.

Siemens Update #3 - Siemens published an update for their RUGGEDCOM advisory that was originally published on March 10^th, 2022 and most recently updated on June 14^th, 2022.

NOTE: NCCIC-ICS did not update their advisory (ICSA-22-069-01) for this information.

Siemens Update #4 - Siemens published an update for their Libcurl advisory that was originally published on May 12^th, 2022, and most recently updated on June 14^th, 2022.

NOTE: NCCIC-ICS did update their advisory (ICSA-22-132-13) but did not list the update on their advisory page, so I did not cover it on Friday.

Siemens Update #5 - Siemens published an update for their SIMATIC WinCC advisory that was originally published on February 10^th, 2022 and most recently updated on May 10^th, 2022.

NOTE: NCCIC-ICS did update their advisory (ICSA-22-041-02) but did not list the update on their advisory page, so I did not cover it on Friday.

Siemens Update #6 - Siemens published an update for their OpenSSL advisory that was originally published on June 16^th, 2022 and most recently updated on July 12^th, 2022.

NOTE: NCCIC-ICS did not update their advisory (ICSA-22-167-14) for this information.

Siemens Update #7 - Siemens published an update for their Log4Shell advisory.

Siemens Update #8 - Siemens published an update for their SIMATIC advisory that was originally published on July 13^th, 2021 and most recently updated on July 14^th, 2022

NOTE: NCCIC-ICS did update their advisory (ICSA-21-194-06) but did not list the update on their advisory page, so I did not cover it on Friday.

Siemens Update #9 - Siemens published an update for their Industrial Products advisory that was originally published on March 20^th, 2018 and most recently updated on June 14^th, 2022.

Siemens Update #10 - Siemens published an update for their Wibu CodeMeter advisory that was originally published on November 9^th, 2021 an most recently updated on January 11^th, 2022.

Siemens Update #11 - Siemens published an update for their SIMATIC advisory that was originally published on July 12^th, 2022.

NCCIC-ICS did not update their advisory (ICSA-22-195-15) for this information.

Siemens Update #12 - Siemens published an update for their SIMATIC NET CP advisory that was originally published on March 8^th, 2022 and most recently updated on June 14^th, 2022.

Siemens Update #13 - Siemens published an update for their SIMATIC S7-300 advisory that was originally published on November 10^th, 2020 and most recently updated on August 10^th, 2021.

NCCIC-ICS did not update their advisory (ICSA-20-315-04) for this information.

Siemens Update #14 - Siemens published an update for their Industrial Products advisory that originally published on December 10th, 2019 and most recently updated on June 14^th, 2022.

Siemens Update #15 - Siemens published an update for their PROFINET advisory that was originally published on October 10^th, 2019 and most recently updated on February 8^th, 2022.

Siemens Update #16 - Siemens published an update for their PROFINET advisory that was originally published on April 14^th, 2022 and most recently updated on July 12^th, 2022.

NOTE: NCCIC-ICS did update their advisory (ICSA-22-104-06) but did not list the update on their advisory page, so I did not cover it on Friday.

Siemens Update #17 - Siemens published an update for their GNU/Linux advisory that was  originally published in 2018 and most recently updated on July 12^th, 2022.

Siemens Update #18 - Siemens published an update for their SIMATIC S7 CPU advisory that was originally published on February 11^th, 2020 and most recently updated on April 14^th, 2020.

Note: NCCIC-ICS did not update their advisory (ICSA-20-042-05) for this information.

Siemens Update #19 - Siemens published an update for their JT2Go and Teamcenter advisory that was originally published on July 12^th, 2022.

Siemens Update #20 - Siemens published an update for their Insyde Bios advisory that was originally published on February 22^nd, 2022 and most recently updated on July 12^th, 2022.

Siemens Update #21 - Siemens published an update for their OPC UA advisory that was originally published on May 12^th, 2022 and most recently updated on July 12^th, 2022.

Siemens Update #22 - Siemens published an update for their OpenSSL advisory that was originally reported on July 13^th, 2021 and most recently updated on July 12^th, 2022.

Siemens Update #23 - Siemens published an update for their SIMATIC S7-1200 advisory that was originally published on December 10^th, 2019, and most recently updated on March 12^th, 2020.

NOTE: NCCIC-ICS did update their advisory (ICSA-19-344-06) but did not list the update on their advisory page, so I did not cover it on Friday.

Siemens Update #24 - Siemens published an update for their SIMATIC S7-400 advisory that was originally published on November 13^th, 2018, and most recently updated on February 10^th, 2020

NOTE: NCCIC-ICS did not update their advisory (ICSA-18-317-02) for this information.

 

For more details about these updates, including summary of changes made, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-8-0ca - subscription required.