Thursday, November 10, 2022

Review – 11 Advisories Published – 11-10-22

Today, CISA’s NCCIC-ICS published eleven control system security advisories for products from Omron (2) and Siemens (9). They also published nine updates that will be covered in a separate post.

Omron Advisory #1 - This advisory describes an active debug code vulnerability in the Omron NJ/NX-series Machine Automation Controllers.

NOTE: Omron previously published an advisory and an update to that advisory for this vulnerability.

Omron Advisory #2 - This advisory describes two vulnerabilities in the Omron NJ/NX-series Controllers and Software.

NOTE: Omron previously published an advisory and an update to that advisory for these vulnerabilities.

SICAM Advisory - This advisory describes four vulnerabilities in the Siemens SICAM Q100 power meters.

SCALANCE Advisory - This advisory describes thirteen vulnerabilities (including one with a known exploit) in the Siemens SCALANCE W1750D.

Teamcenter Advisory - This advisory describes six vulnerabilities in the Siemens Teamcenter Visualization and JT2Go products.

QMS Advisory - This advisory describes a clear-text storage of sensitive information vulnerability in the Siemens QMS Automotive.

RUGGEDCOM Advisory - This advisory describes an uncontrolled resource consumption vulnerability in the Siemens RUGGEDCOM ROS devices.

SINUMERIK Advisory - This advisory describes an insufficiently protected credentials vulnerability in the Siemens SINUMERIK CNC systems.

SINEC Advisory - This advisory describes a deserialization of untrusted data vulnerability in the Siemens SINEC network management system (NMS).

Industrial Controllers Advisory - This advisory describes a cross-site request forgery vulnerability in the Siemens SIMATIC Industrial Controllers and Software.

Parasolid Advisory - This advisory describes two vulnerabilities in the Siemens Parasolid 3D geometric modeling tools.

 

For more details on these advisories, including links to exploits and researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/11-advisories-published-11-10-22 - subscription required.
