Yesterday, CISA’s NCCIC-ICS updated 11 control system
security advisories for products from Siemens. There was also a 7^th
advisory published yesterday which I missed because it was buried in the list
of updates.

Solid Edge Advisory – This advisory
describes five vulnerabilities in the Siemens Solid Edge, JT2Go, and Teamcenter
Visualization products.

PROFINET Update – This update
provides additional information on an advisory that was originally
published on May 9th, 2017 and most
recently updated on October 14^th, 2021.

NOTE: The Siemens Advisory also announced that no
remediation was planned for SIMATIC
CP 443-1 OPC UA

SCALANCE X Update #1 – This update
provides additional information on an advisory that was originally
published on August 13^th, 2019 and most
recently updated on September 14^th, 2021.

NOTE: The Siemens
Advisory also announces that there is no fix planned for the newly added SCALANCE
X204RNA products.

SCALANCE X Update #2 – This update
provides additional information on an advisory that was originally
published on January 14^th, 2020.

NOTE: The Siemens
Advisory also announces that there is no fix planned for the newly added SCALANCE
X204RNA products.

Industrial Products Update #1 – This update
provides additional information on an advisory that was originally
published on February 11^th, 2020 and most
recently updated on April 13^th, 2021.

NOTE: The Siemens Advisory also notes that no remediations are
planned for SIMATIC CP 443-1 OPC UA, SIMATIC CP 343-1 Advanced, and SIPLUS NET
CP 343-1 Advanced.

Industrial Products Update #2 – This update
provides additional information on an advisory that was originally
published on August 10^th, 2021.

SCALANCE Update – This update
provides additional information on an advisory that was originally
published on April 14^th, 2020 and most
recently updated on September 14^th, 2021.

TCP/IP Stack Update – This update
provides additional information on an advisory that was originally
published on March 9^th, 2021 and most
recently updated on August 10^th, 2021.

LOGO! Update – This update
provides additional information on an advisory that was originally
published on September 14^th, 2021.

SIMATIC Update – This update
provides additional information on an advisory that was originally
published on November 11^th, 2021.

Healthineers Update – This update
provides additional information on an advisory that was originally
published on December 16^th, 2021.

COMOS Update – This update
provides additional information on an advisory that was originally
published on January 13^th, 2022

NOTE: The Siemens
Advisory also notes that there are no plans to develop mitigation measures
for versions 10.2 or 10.3.3.2.14 or later.

Other Siemens Updates – Siemens published
31 additional advisories on Tuesday. I will cover those this weekend.

For additional information on this updates, see my article
at CSFN Detailed Analysis – https://patrickcoyle.substack.com/p/1-advisory-and-11-updates-published
– subscription required.