Thursday, December 15, 2022

Review – 21 Advisories Published – 12-15-22

Today NCCIC-ICS published twenty-one control system security advisories for products from Siemens (20) and Prosys. They also published 20 updates, but I will cover those in a separate post.

 

SCALANCE Advisory #1 - This advisory discusses 83 vulnerabilities in the Siemens SCALANCE X-200RNA Switch Devices.

SCALANCE Advisory #2 - This advisory discusses four vulnerabilities in the Siemens SCALANCE SC-600 Family.

SCALANCE Advisory #3 - This advisory describes five vulnerabilities in the Siemens RUGGEDCOM and SCALANCE devices.

SCALANCE Advisory #4 - This advisory describes six vulnerabilities in the Siemens SCALANCE X204RNA.

Teamcenter Advisory #1 - This advisory describes twelve vulnerabilities in the Siemens Teamcenter Visualization and JT2Go products.

Teamcenter Advisory #2 - This advisory discusses three vulnerabilities in the Siemens Teamcenter Visualization and JT2Go products.

SICAM Advisory - This advisory describes three vulnerabilities in the Siemens SICAM PAS.

Mendix Advisory #1 - This advisory describes an improper access control vulnerability in the Siemens Mendix Email Connector.

Mendix Advisory #2 - This advisory describes an improper access control vulnerability in the Siemens Mendix Workflow Commons.

APOGEE Advisory #1 - This advisory describes an improper access control vulnerability in the Siemens APOGEE and TALON products.

APOGEE Advisory #2 - This advisory describes a predictable exact value from previous values vulnerability in the Siemens APOGEE PXC and TALON TC products.

SIPROTEC Advisory #1 - This advisory discusses a resource management errors vulnerability in the Siemens SIPROTEC 5 devices.

SIPROTEC Advisory #2 - This advisory describes an uncontrolled resource consumption vulnerability in the Siemens SIPROTEC 5 devices.

Parasolid Advisory - This advisory describes five vulnerabilities in the Siemens Parasolid product.

OpenSSL 3.0 Advisory - This advisory discusses the OpenSSL 3.0 vulnerabilities in Siemens products.

Polarion Advisory - This advisory describes an injection vulnerability in the Siemens Polarion ALM application.

Simcenter Advisory - This advisory describes an incorrect permission assignment vulnerability in the Siemens Simcenter STAR-CCM+ computational fluid dynamics software.

SIMATIC Advisory - This advisory describes an argument injection vulnerability in the Siemens SIMATIC WinCC OA Ultralight Client.

PLM Advisory - This advisory describes a cross-site scripting vulnerability in the Siemens PLM Help Server.

Industrial Products Advisory - This advisory describes four vulnerabilities in the Siemens SIMATIC Products and TIM 1531 IRC.

Prosys OPC Advisory - This advisory describes an insufficiently protected credentials vulnerability in the Prosys OPC UA simulation servers.

 

For more details about these vulnerabilities, including links to 3rd party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/21-advisories-published-12-15-22 - subscription required.

