Saturday, July 15, 2023

Review – Public ICS Disclosures – Week of 7-8-23 – Part 2

For Part 2 we have six vendor disclosures from Schneider (4) and Siemens (2). Finally, we have 16 vendor updates from Schneider (4) and Siemens (12).

Advisories

Schneider Advisory #1 - Schneider published an advisory that describes four vulnerabilities in their StruxureWare Data Center Expert.

Schneider Advisory #2 - Schneider published an advisory that describes an improper restriction of XML external entity reference vulnerability in their EcoStruxure OPC UA Server Expert.

Schneider Advisory #3 - Schneider published an advisory that describes a classic buffer overflow vulnerability in their Accutech Manager product.

Schneider Advisory #4 - Schneider published an advisory that discusses multiple CODESYS vulnerabilities from two advisories (here and here).

Siemens Advisory #1 - Siemens published an advisory that describes two vulnerabilities in their SIMATIC CN 4100 communication node.

Siemens Advisory #2 - Siemens published an advisory that describes six vulnerabilities in their Tecnomatix Plant Simulation product.

Updates

Schneider Update #1 - Schneider published an update for their EcoStruxure Power Monitoring Expert advisory that was originally published on March 14th, 2023.

Schneider Update #2 - Schneider published an update for their EcoStruxure Control Expert advisory that was originally published on January 10th, 2023 and most recently updated on April 11th, 2023.

Schneider Update #3 - Schneider published an update for their BadAlloc advisory that was originally published on November 9th, 2021 and most recently updated on May 9th, 2023.

Schneider Update #4 - Schneider published an update for their Modicon PAC Controllers advisory that was originally published on August 10th, 2021 and most recently updated on March 14th, 2023.

Siemens Update #1 - Siemens published an update for their SIMATIC STEP 7 and PCS 7 advisory that was originally published on June 13th, 2023.

Siemens Update #2 - Siemens published an update for their Simcenter STAR-CCM+ advisory that was originally published on December 12th, 2022.

Siemens Update #3 - Siemens published an update for their Linux Kernel advisory that was originally published on June 13th, 2023.

Siemens Update #4 - Siemens published an update for their OpenSSL advisory that was originally published on June 14th, 2022 and most recently updated on June 13th, 2023.

Siemens Update #5 - Siemens published an update for their IPU 2022.3 advisory that was originally published on February 14th, 2023 and most recently updated on May 9th, 2023.

Siemens Update #6 - Siemens published an update for their missing CSRF protection advisory that was originally published on November 8th, 2022 and most recently updated on May 9th, 2023.

Siemens Update #7 - Siemens published an update for their PROFINET Stack Integrated on Interniche Stack advisory that was originally published on April 12th, 2022 and most recently updated on April 11th, 2023.

Siemens Update #8 - Siemens published an update for their GNU/Linux subsystem advisory that was originally published on November 27th, 2018 and most recently updated on June 13th, 2023.

Siemens Update #9 - Siemens published an update for their OpenSSL 3.0 advisory that was originally published on December 13th, 2022 and most recently updated on April 11th, 2023.

Siemens Update #10 - Siemens published an update for their Industrial Products advisory that was originally published on December 13th, 2023 and most recently updated on May 9th, 2023.

Siemens Update #11 - Siemens published an update for their SIMATIC WinCC Kiosk Mode advisory that was originally published on May 10th, 2022 and most recently updated on June 14th, 2022.

Siemens Update #12 - Siemens published an update for their Insyde BIOS Vulnerabilities advisory that was originally published on February 22nd, 2022 and most recently updated on February 14th, 2023.

 

For more details about these disclosures, including links to 3rd party advisories and summaries for changes made in updates, see my article at CFSN Detailed Analysis - subscription required.
