Thursday, June 13, 2024

Review – 19 Advisories and 2 Updated Published – 6-13-21

Today, CISA’s NCCIC-ICS published nineteen control systems security advisories for products from Motorola Solutions, Rockwell Automation (3), Fuji Electric, and Siemens (13). They updated two advisories for products from Mitsubishi Electric.

Siemens published one additional advisory and 13 updates that have not been addressed by CISA. I will cover them this weekend.

Advisories

Motorola Advisory - This advisory describes seven vulnerabilities in the Motorola Solutions Vigilant License Plate Readers.

Rockwell Advisory #1 - This advisory describes an improper authentication vulnerability in the Rockwell FactoryTalk View SE software.

Rockwell Advisory #2 - This advisory describes an incorrect permissions assignment for critical resource vulnerability in the Rockwell FactoryTalk View SE software.

Rockwell Advisory #3 - This advisory describes an improper authentication vulnerability in the Rockwell FactoryTalk View SE software.

Fuji Advisory - This advisory describes two vulnerabilities in the Fuji Tellus Lite V-Simulator.

SINEC Advisory - This advisory discusses eight vulnerabilities in the Siemens SINEC Traffic Analyzer.

SCALANCE Advisory #1 - This advisory describes seven vulnerabilities in the Siemens SCALANCE W700 802.11 AX family of devices.

SCALANCE Advisory #2 - This advisory discusses eight vulnerabilities in the Siemens SCALANCE XM-400/XR-500 products.

SIMATIC Advisory #1 - This advisory discusses 23 vulnerabilities (three with known exploits) in the Siemens SIMATIC and SIPLUS products.

SIMATIC Advisory #2 - This advisory describes a use of insufficiently random values vulnerability in the Siemens SIMATIC S7-200 SMART devices.

SICAM Advisory - This advisory describes an improper NULL termination vulnerability in the Siemens SICAM AK3, SICAM BC, and SICAM TM products.

Teamcenter Advisory - This advisory describes three vulnerabilities in the Siemens Teamcenter Visualization and JT2Go products.

PowerSys Advisory - This advisory describes an improper authentication vulnerability in the Siemens PowerSys product.

TIM Advisory - This advisory discusses 32 vulnerabilities (five with known exploits) in the Siemens SIPLUS TIM 1531 IRC.

SITOP Advisory - This advisory discusses three out-of-bounds write vulnerabilities in the Siemens SITOP UPS1600 uninterruptible power supplies.

ST7 Advisory - This advisory discusses 37 vulnerabilities (4 with known exploits, 2 in CISA’s KEV catalog) in the Siemens ST7 ScadaConnect products.

TIA Advisory - This advisory describes a creation of a temporary file in directory with insecure permissions vulnerability in the Siemens TIA Administrator.

Mendix Advisory - This advisory describes an improper privilege management vulnerability in the Siemens Mendix Applications.

Updates

Mitsubishi Update #1 - This update provides additional information on the Multiple Products advisory that was originally published on October 5th, 2020 and most recently updated on June 28th, 2023.

Mitsubishi Update #2 - This update provides additional information on the MELSEC-Q/L Series advisory that was originally published on March 14th, 2024 and most recently updated on May 16th, 2024.

 

For more information on these advisories, including links to 3rd party vendors and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/19-advisories-and-2-updated-published - subscription required.
