Yesterday, CISA’s NCCIC-ICS published 14 control system security advisories for products from Siemens (12), Advantech, and SUBNET Solutions.
NOTE: Siemens also updated eight advisories this week, but a policy change at CISA in January means that those Siemens updates are no longer being reported by NCCIC-ICS. I will be covering them this weekend.
Advisories
Teamcenter Advisory - This advisory describes four vulnerabilities in the Siemens JT2Go and Teamcenter Visualization products.
SICAM Advisory #1 - This advisory describes three vulnerabilities in the Siemens SICAM A8000 Devices. The vulnerabilities were reported by the SEC Consult Lab.
SICAM Advisory #2 - This advisory describes six vulnerabilities in the Siemens POWER METER SICAM Q200 family.
SINAMICS Advisory - This advisory discusses 23 vulnerabilities in the Siemens SINAMICS MV (medium voltage) products.
SIMATIC Advisory #1 - This advisory discusses 108 vulnerabilities in the Siemens SIMATIC S7-1500 TM MFP.
SIMATIC Advisory #2 - This advisory discusses 53 vulnerabilities in the BIOS of the Siemens SIMATIC S7-1500 TM MFP.
SIMATIC Advisory #3 - This advisory describes a code injection vulnerability in the Siemens SIMATIC PCS 7, SIMATIC S7-PM, and SIMATIC STEP 7 V5 products.
SIMATIC Advisory #4 - This advisory describes an incorrect permission assignment for critical resource vulnerability in the Siemens SIMATIC WinCC.
SIMATIC Advisory #5 - This advisory describes a use of obsolete function (legacy OPC services) vulnerability in the Siemens SIMATIC products.
Solid Edge Advisory - This advisory describes an out-of-bounds read vulnerability in the Siemens Solid Edge SE2023 product.
TIA Portal Advisory - This advisory describes a protection mechanism failure vulnerability in the Siemens TIA Portal.
SIMOTION Advisory - This advisory describes an exposure of sensitive information due to incompatible policies vulnerability in the Siemens SIMOTION products.
Advantech Advisory - This advisory describes an untrusted pointer dereference vulnerability in the Advantech WebAccess/SCADA product.
SUBNET Advisory - This advisory describes two vulnerabilities in the SUBNET PowerSYSTEM Center.
Commentary
While Siemens reported an apparently egregious number of vulnerabilities (108 and 53 in separate advisories) in their SINAMICS medium voltage products, these are all Linux vulnerabilities and Siemens has been cumulatively reporting similar slow-to-be-fixed Linux vulnerabilities in their SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP since 2018. This is one of the problems with using a general-purpose OS for control system products. If Siemens were reporting Windows vulnerabilities, I am sure that we would be seeing a large number of such advisories being published every month. Most vendors do not report Windows-related vulnerabilities because, where their products use that OS, they rely on Microsoft’s automated update service to relatively painlessly fix those problems. Interestingly, that means those products are exposed to the Internet for that service to work.