Today, CISA’s NCCIC-ICS published 6 control system security
advisories for products from Siemens.

NOTE: They also published 12 updates for Siemens’
advisories. I will cover those in a separate post.

Spectrum Power Advisory – This advisory
describes a cross-site scripting vulnerability in the Siemens SINEMA Spectrum
Power 4.

SICAM Advisory – This advisory
describes a use of hard-coded credentials vulnerability in the Siemens SICAM
TOOLBOX II software platform.

SINEMA Advisory – This advisory
describes an open redirect vulnerability in the Siemens SINEMA Remote Connect
Server.

Simcenter Advisory – This advisory
describes 11 vulnerabilities in the Siemens Simcenter Femap advanced simulation
application.

WinCC and PCS Advisory – This advisory
describes two vulnerabilities in the Siemens SIMATIC WinCC and PCS.

NOTE: The Siemens
advisory
reports that there are no fixes planned for the following products:

• SIMATIC PCS 7 V8.2 and earlier,
and

• SIMATIC PCS 7 V9.0:

Industrial Products Advisory – This advisory
describes three vulnerabilities in the Siemens SIMATIC Industrial Products. The
vulnerabilities were reported by Gao Jian.

Other Siemens Advisories – Siemens published
three other new advisories on Tuesday. I will be covering them this weekend.

 

For more details about these advisories, including links to
researcher reports, see my article at CFSN Detailed Analysis – https://patrickcoyle.substack.com/p/6-advisories-published-2-10-22
– subscription required.

Go to Source of this post
Author Of this post: PJCoyle

By admin