Thursday, December 12, 2024

Review – 10 Advisories published – 12-12-24

Today CISA’s NCCIC-ICS published ten control system security advisories for products from Siemens.

Advisories

SENTRON Advisory - This advisory discusses an incorrect synchronization vulnerability in the Siemens SENTRON Powercenter 1000.

Teamcenter Advisory - This advisory describes 26 vulnerabilities in the Siemens Teamcenter Visualization product.

COMOS Advisory - This advisory describes two improper restriction of XML external entity reference vulnerabilities in the Siemens COMOS products.

Solid Edge Advisory - This advisory describes three vulnerabilities in the Siemens Solid Edge SE2024 product.

Simcenter Advisory - This advisory describes two vulnerabilities in the Siemens Simcenter Femap products.

Engineering Platforms Advisory #1 - This advisory describes a deserialization of untrusted data vulnerability in the Siemens Engineering Platform.

Engineering Platforms Advisory #2 - This advisory describes an improper input validation vulnerability in the Siemens Engineering Platform.

Parasolid Advisory - This advisory describes an out-of-bounds write vulnerability in the Siemens Parasolid modeling tool.

RUGGEDCOM Advisory - This advisory describes a cross-site request forgery vulnerability in the Siemens RUGGEDCOM ROX II product.

CPCI85 Advisory - This advisory describes an insufficiently protected credentials vulnerability in the Siemens CPCI85 Central Processing/Communication product.

 

For more information on these advisories, including links to researcher reports, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/10-advisories-published-12-12-24 - subscription required.
