Thursday, September 15, 2022

Review – 5 Advisories and 6 Updates Published – 9-15-22

Today, CISA’s NCCIC-ICS published five control system security advisories and six updates, all for products from Siemens. There were two additional updates published by Siemens on Tuesday that were not covered today by CISA; I will discuss them this weekend.

NOTE: I noticed a similar problem to the one I described earlier this morning; the Simcenter update was not included on the ICS-CERT Advisories page.

SINEC Advisory - This advisory discusses fourteen vulnerabilities (seven with known exploits) in the Siemens SINEC INS software tool.

Mendix Advisory - This advisory describes an authentication by capture bypass in the Siemens Mendix SAML Module cloud authentication application.

RUGGEDCOM Advisory - This advisory describes an uncontrolled resource consumption vulnerability in the Siemens RUGGEDCOM ROS-based devices.

Simcenter Advisory - This advisory describes twenty vulnerabilities in the Siemens Simcenter Femap and Parasolid modeling tools.

Mobility Advisory - This advisory describes an improper access control vulnerability in the Siemens CoreShield OWG software.

SCALANCE Update - This update provides additional details on an advisory that was originally published on August 11th, 2022.

OpenSSL Update #1 - This update provides additional details on an advisory that was originally published on August 14th, 2018 and most recently updated on February 12th, 2019.

OpenSSL Update #2 - This update provides additional details on an advisory that was originally published on June 16th, 2022 and most recently updated on July 14th, 2022.

Industrial Products Update - This update provides additional details on an advisory that was originally published on August 10th, 2021 and most recently updated on August 11th, 2022.

Simcenter Update - This update provides additional details on an advisory that was originally published on July 14th, 2022 and most recently updated on August 11th, 2022.

RUGGEDCOM Update - This update provides additional details on an advisory that was originally published on December 10th, 2019.

 

For more details on these advisories and updates, including links to third-party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/5-advisories-and-6-updates-published - subscription required.
