This morning, Siemens published two new control system security advisories and updated two previously published advisories. This was done just a little over a week after they published their normal monthly tranche of advisories and updates.
Advisories
Telecontrol Server Advisory - This advisory describes 68 SQL injection vulnerabilities in their Telecontrol Server Basic product.
Telecontrol Server Advisory - This advisory describes an improper handling of length parameter inconsistency in their Telecontrol Server Basic product.
Updates
FortiGate NGFW Update - This update provides additional information on the advisory that was originally published on March 12th, 2024, and most recently updated on March 11th, 2025.
FortiGate NGFW Update - This update provides additional information on the advisory that was originally published on March 12th, 2024, and most recently updated on October 8th, 2024.
For more information about these advisories, including a brief look at the Mitre funding issue as it relates to the new Siemens advisory, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/siemens-publishes-4-out-of-zone-advisories - subscription required.