Review – Public ICS Disclosures – Week of 1-6-24 – Part 2

For Part 2 we have an additional vendor advisory from Schneider. Finally, we also have 17 vendor updates from Schneider (6) and Siemens (11).

Advisories

Schneider Advisory - Schneider published an advisory that describes three vulnerabilities in their s EcoStruxure Control Expert, EcoStruxure Process Expert and Modicon M340, M580 PLCs.

Updates

Schneider Update #1 - Schneider published an update for their CODESYS Runtime advisory that was originally published on July 11^th, 2023 and most recently updated on August 8^th, 2023.

Schneider Update #2 - Schneider published an update for their EcoStruxure Control Expert advisory that was originally published on April 11^th, 2023.

Schneider Update #3 - Schneider published an update for their CODESYS Runtime Vulnerabilities advisory that was originally published on April 11^th, 2023.

Schneider Update #4 - Schneider published an update for their s EcoStruxure Control Expert advisory that was originally published on January 10^th, 2023 and most recently updated on August 8^th, 2023.

Schneider Update #5 - Schneider published an update for their ISaGRAF advisory that was originally published on June 8^th, 2021 and most recently updated on March 14^th, 2023.

Schneider Update #6 - Schneider published an update for their Harmony HMI Panels advisory that was originally published on August 13^th, 2019 and most recently updated on February 8^th, 2022.

Siemens Update #1 - Siemens published an update for their User Management Component advisory that was originally published on December 12^th 2023.

Siemens Update #2 - Siemens published an update for their SiNVR/SiVMS Video Server advisory that was originally published on March 10^th, 2020 and most recently updated on August 10^th, 2021.

Siemens Update #3 - Siemens published an update for their Linux Kernel of the SIMATIC S7-1500 advisory that was originally published on June 13^th, 2023 and most recently updated on December 12^th, 2023.

Siemens Update #4 - Siemens published an update for their OpenSSL Vulnerabilities advisory that was originally published on July 13^th, 2021 and most recently updated on March 14^th, 2023.

Siemens Update #5 - Siemens published an update for their Control Center Server advisory that was originally published on April 13^th, 2023.

Siemens Update #6 - Siemens published an update for their SiNVR/SiVMS Video Server advisory that was originally published on December 10^th, 2019 and most recently updated on April 13^th, 2021.

Siemens Update #7 - Siemens published an update for their n OpenSSL (CVE-2022-0778) advisory that was originally published on June 14^th, 2022 and most recently updated on October 10^th, 2023.

Siemens Update #8 - Siemens published an update for their e OPC UA Implementations of SIMATIC Products advisory that was originally published on September 12^th, 2023 and most recently updated on December 12^th, 2023.

Siemens Update #9 - Siemens published an update for their SICAM Q100 advisory that was originally published on November 8^th, 2023.

Siemens Update #10 - Siemens published an update for their Web Interface of SICAM Q100 advisory that was originally published on December 12^th, 2023.

Siemens Update #11 - Siemens published an update for their GNU/Linux subsystem of the SIMATIC S7-1500 CPU advisory that was originally published on December 12^th, 2023.

 

For more information on these disclosures, including links to exploits and a brief description of changes in updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-1-ad7 - subscription required.