Sunday, July 14, 2024

Review – Public ICS Disclosures – Week of 7-6-23 – Part 2

For Part 2 this week, we have 24 vendor updates from Schneider (3) and Siemens (21). There are three researcher reports for products from SonicWall, Synology, and TP-Link. There was one exploit published for products from VMware. Finally, we have an article from Siemens that should be of interest.

Updates

Schneider Update #1 - Schneider published an update for their SAGE RTU advisory that was originally published on June 11th, 2024.

Schneider Update #2 - Schneider published an update for their EcoStruxure Control Expert advisory that was originally published on February 13th, 2024.

Schneider Update #3 - Schneider published an update for their Modicon Controllers advisory that was originally published on December 8th, 2020 and most recently updated on February 13th, 2020.

Siemens Update #1 - Siemens published an update for their SIMATIC IPCs advisory that was originally published on September 12th, 2023 and most recently updated on November 14th, 2023.

Siemens Update #2 - Siemens published an update for their Industrial Products advisory that was originally published on May 14th, 2024.

Siemens Update #3 - Siemens published an update for their RUGGEDCOM APE1808 devices advisory that was originally published on March 12th, 2024 and most recently updated on June 11th, 2024.

Siemens Update #4 - Siemens published an update for their PROFINET Devices advisory that was originally published on February 11th, 2020 and most recently updated on April 11th, 2024.

Siemens Update #5 - Siemens published an update for their SIMATIC WinCC advisory that was originally published on February 13th, 2024 and most recently updated on June 11th, 2024.

Siemens Update #6 - Siemens published an update for their RUGGEDCOM APE1808 devices advisory that was originally published on April 19th, 2024.

Siemens Update #7 - Siemens published an update for their SIMATIC WinCC advisory that was originally published on April 9th, 2024.

Siemens Update #8 - Siemens published an update for their OpenSSL (CVE-2022-0778) advisory that was originally published on June 14th, 2022, and most recently updated on May 14th, 2024.

Siemens Update #9 - Siemens published an update for their OPC UA Implementation advisory that was originally published on September 12th, 2023, and most recently updated on June 11th, 2024.

Siemens Update #10 - Siemens published an update for their Industrial Products using Intel CPUs advisory that was originally published on February 14th, 2023, and most recently updated on August 8th, 2023.

Siemens Update #11 - Siemens published an update for their SegmentSmack advisory that was originally published on April 14th, 2020, and most recently updated on May 14th, 2024.

Siemens Update #12 - Siemens published an update for their SINEMA Remote Connect Server advisory that was originally published on June 14th, 2022.

Siemens Update #13 - Siemens published an update for their PROFINET Devices advisory that was originally published on October 8th, 2018, and most recently updated on May 9th, 2023.

Siemens Update #14 - Siemens published an update for their RUGGEDCOM APE1808 devices advisory that was originally published on April 9th, 2024, and most recently updated on May 14th, 2024.

Siemens Update #15 - Siemens published an update for their PROFINET Stack advisory that was originally published on April 12th, 2022 and most recently updated on June 11th, 2024.

Siemens Update #16 - Siemens published an update for their GNU/Linux subsystem advisory that was originally published on December 12th, 2023, and most recently updated on June 11th, 2024.

Siemens Update #17 - Siemens published an update for their SNMP Interface advisory that was originally published on November 23, 2017, and most recently updated on February 8th, 2022.

Siemens Update #18 - Siemens published an update for their TIM 1531 IRC advisory that was originally published on June 11th, 2024.

Siemens Update #19 - Siemens published an update for their PROFINET DCP Implementation advisory that was originally published on May 8th, 2017, and most recently updated on February 8th, 2022.

Siemens Update #20 - Siemens published an update for their GNU/Linux subsystem advisory that was originally published on April 9th, 2024 and most recently updated on May 14th, 2024.

Siemens Update #21 - Siemens published an update for their SINEC NMS advisory that was originally published on October 10th, 2023.

Researcher Reports

SonicWall Report - SSD published a report that describes two vulnerabilities in the SonicWall SMA100 platform.

Synology Report - Claroty published a report that describes a classic buffer overflow vulnerability in the Synology BC500 cameras.

TP-Link Report - Claroty published a report that describes three vulnerabilities in the TP-Link ER605 routers.

Exploits

VMware Exploit - Sina Kheirkhah published an exploit for a command injection vulnerability in the VMware Aria Operations product. The vulnerability is listed in the CISA Known Exploited Vulnerabilities Catalog.

Articles

Siemens Article - Siemens published an article on “RADIUS Advisory and the benefits of ProductCERT’s improved formats”.

 

For additional information about these disclosures, including a brief summary of the changes made in the updates, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-7-86f - subscription required.
