Thursday, May 14, 2026

Review – 17 Advisories and 1 Update Published – 5-14-26

Today CISA’s NCCIC-ICS published 17 advisories for products from Universal Robots and Siemens (16) and updated an advisory for products from SWTCH. 

Siemens published two additional advisories this week that were not covered today by CISA. I will address them this weekend. 

Advisories  

Universal Robots Advisory - This advisory describes an OS command injection vulnerability in the UR Polyscope 5 software. 

Ruggedcom Advisory #1 - This advisory discusses 35 vulnerabilities in the Siemens Ruggedcom Rox product. 

Ruggedcom Advisory #2 - This advisory describes an OS command injection vulnerability in the Siemens Ruggedcom Rox product. 

Ruggedcom Advisory #3 - This advisory describes an OS command injection vulnerability in the Siemens Ruggedcom Rox product. 

Ruggedcom Advisory #4 - This advisory describes an argument injection vulnerability in the Siemens Ruggedcom Rox product. 

SIMATIC Advisory #1 - This advisory describes three vulnerabilities in the Siemens SIMATIC S7 PLC Web Server. 

SIMATIC Advisory #2 - This advisory discusses 171 vulnerabilities in the Siemens SIMATIC CN 4100. 

SIMATIC Advisory #3 - This advisory describes an insecure default initialization of resource vulnerability in the Siemens SIMATIC HMI Unified Comfort Panels. 

SENTRON Advisory - This advisory discusses an HTTP request/response smuggling vulnerability in the Siemens SENTRON 7KT PAC1261 Data Manager. 

SIPROTEC Advisory - This advisory describes a small space of random values vulnerability in the Siemens SIPROTEC 5 products. 

Opcenter Advisory - This advisory discusses a missing authentication for critical function vulnerability in the Siemens Opcenter RDnL product. 

ROS# Advisory - This advisory describes a relative path traversal vulnerability in the Siemens ROS#. 

Industrial Devices Advisory - This advisory describes a NULL pointer dereference vulnerability in the Siemens Industrial Devices product line. 

Simcenter Advisory - This advisory describes a heap-based buffer overflow vulnerability in the Siemens Simcenter Femap product. 

Teamcenter Advisory - This advisory discusses three vulnerabilities (one with a publicly available exploit) in the Siemens Teamcenter products. 

GWAP Advisory - This advisory discusses an HTTP request/response splitting vulnerability in the Siemens gPROMS Web Applications Publisher (gWAP). 

Updates  

SWTCH Update - This update provides additional information on the SWTCH EV advisory that was originally published on February 26th, 2026. 


For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/17-advisories-and-1-update-published-543 - subscription required. 
