Today, CISA’s NCCIC-ICS published nine control system security advisories for products from Siemens (6), Schneider, Horner Automation, and Rapid Software. I also take a down-the-rabbit-hole look at ‘missing advisories’ from 2023.
NOTE: Siemens and Schneider published additional advisories and updates earlier this week. I will be covering them this weekend.
Advisories
Solid Edge Advisory - This advisory describes eleven vulnerabilities in the Siemens Solid Edge product.
SIMATIC Advisory #1 - This advisory describes an improper input validation vulnerability in the Siemens SIMATIC IPC series products.
SIMATIC Advisory #2 - This advisory describes three vulnerabilities in the Siemens SIMATIC CN 4100. The vulnerabilities are self-reported.
SICAM Advisory - This advisory describes a use of uninitialized resource vulnerability in the Siemens SICAM A8000.
Spectrum Power 7 Advisory - This advisory describes an incorrect permission assignment for critical resource vulnerability in the Siemens Spectrum Power 7.
Teamcenter Advisory - This advisory describes four vulnerabilities in the Siemens JT2Go and Teamcenter Visualization.
Schneider Advisory - This advisory describes a deserialization of untrusted data vulnerability in the Schneider Easergy Studio.
Horner Advisory - This advisory describes a stack-based buffer overflow vulnerability in the Horner Cscape product.
Rapid Software Advisory - This advisory describes seven vulnerabilities in the Rapid Software Rapid SCADA open-source industrial automation platform.
For more information on these advisories, including links to researcher reports, as well as a look at missing advisories from 2023, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/9-advisories-published-1-11-24 - subscription required.