Yesterday, CISA’s NCCIC-ICS updated 11 control system
security advisories for products from Siemens. There was also a 7th
advisory published yesterday which I missed because it was buried in the list
of updates.

Solid Edge Advisory – This advisory
describes five vulnerabilities in the Siemens Solid Edge, JT2Go, and Teamcenter
Visualization products.

PROFINET Update – This update
provides additional information on an advisory that was originally
published
on May 9th, 2017 and most
recently updated
on October 14th, 2021.

NOTE: The Siemens Advisory also announced that no
remediation was planned for SIMATIC
CP 443-1
OPC UA

SCALANCE X Update #1 – This update
provides additional information on an advisory that was originally
published
on August 13th, 2019 and most
recently updated
on September 14th, 2021.

NOTE: The Siemens
Advisory
also announces that there is no fix planned for the newly added SCALANCE
X204RNA products.

SCALANCE X Update #2 – This update
provides additional information on an advisory that was originally
published
on January 14th, 2020.

NOTE: The Siemens
Advisory
also announces that there is no fix planned for the newly added SCALANCE
X204RNA products.

Industrial Products Update #1 – This update
provides additional information on an advisory that was originally
published
on February 11th, 2020 and most
recently updated
on April 13th, 2021.

NOTE: The Siemens Advisory also notes that no remediations are
planned for SIMATIC CP 443-1 OPC UA, SIMATIC CP 343-1 Advanced, and SIPLUS NET
CP 343-1 Advanced.

Industrial Products Update #2 – This update
provides additional information on an advisory that was originally
published
on August 10th, 2021.

SCALANCE Update – This update
provides additional information on an advisory that was originally
published
on April 14th, 2020 and most
recently updated
on September 14th, 2021.

TCP/IP Stack Update – This update
provides additional information on an advisory that was originally
published
on March 9th, 2021 and most
recently updated
on August 10th, 2021.

LOGO! Update – This update
provides additional information on an advisory that was originally
published
on September 14th, 2021.

SIMATIC Update – This update
provides additional information on an advisory that was originally
published
on November 11th, 2021.

Healthineers Update – This update
provides additional information on an advisory that was originally
published
on December 16th, 2021.

COMOS Update – This update
provides additional information on an advisory that was originally
published
on January 13th, 2022

NOTE: The Siemens
Advisory
also notes that there are no plans to develop mitigation measures
for versions 10.2 or 10.3.3.2.14 or later.

Other Siemens Updates – Siemens published
31 additional advisories on Tuesday. I will cover those this weekend.

 

For additional information on this updates, see my article
at CSFN Detailed Analysis – https://patrickcoyle.substack.com/p/1-advisory-and-11-updates-published
– subscription required.

Go to Source of this post
Author Of this post: PJCoyle

By admin