Today, CISA’s NCCIC-ICS published seven control system security advisories for products from Rockwell Automation and Siemens (6).
Siemens published one additional advisory on Tuesday and two advisories today that were not covered by CISA. Siemens also published 14 updates, but CISA no longer updates their Siemens advisories. I will report on all of them this weekend.
Advisories
Rockwell Advisory - This advisory describes an improper authentication vulnerability in the Rockwell Pavilion8 model predictive control software.
WIBU Systems Advisory - This advisory discusses an out-of-bounds write vulnerability in Siemens products using the WIBU Systems CodeMeter.
Simatic Advisory #1 - This advisory discusses the Downfall Attacks vulnerability found in Siemens SIMATIC Field PG and SIMATIC IPC products.
Simatic Advisory #2 - This advisory describes an integer overflow or wraparound vulnerability in the Siemens SIMATIC and SIPLUS products.
RUGGEDCOM Advisory - This advisory discusses 23 vulnerabilities in the Siemens RUGGEDCOM APE1808 Product Family. These are third-party (Insyde) vulnerabilities.
QMS Advisory - This advisory describes ten vulnerabilities in the Siemens Quality Management System (QMS) Automotive software.
Parasolid Advisory - This advisory describes two out-of-bounds write vulnerabilities in the Siemens Parasolid 3D geometric modeling tool.
For more details on these advisories, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/7-advisories-published-9-14-23 - subscription required.