Review – Public ICS Disclosures – Week of 12-10-21 – Part 2

Share on facebook
Share on twitter
Share on linkedin
Share on reddit

For Part 2, we have three vendor advisories from Schneider Electric. We also have six vendor updates for products from Schneider (2) and Siemens (4).

Schneider Advisory #1 – Schneider published an advisory describing two vulnerabilities in their Interactive Graphical SCADA System (IGSS) data collector.

Schneider Advisory #2 – Schneider published an advisory describing seven vulnerabilities in their EVlink City / Parking / Smart Wallbox Charging Stations.

Schneider Advisory #3 – Schneider published an advisory describing two separate input validation vulnerabilities in their EcoStruxure Power Monitoring Expert product.

Schneider Update #1 – Schneider published an update for their BadAlloc advisory that was originally published on November 9th, 2021 and most recently updated on November 17th, 2021.

Schneider Update #2 – Schneider published an update for their Web Server on Modicon M580 Controllers that was originally published on December 8th, 2020 and most recently updated on May 11th, 2021.

Siemens Update #1 – Siemens published an update for their NUCLEUS:13 advisory that was originally published on November 9th, 2021.

NOTE: NCCIC-ICS did not update their advisory (ICSA-21-313-03) to reflect this change.

Siemens Update #2 – Siemens published an update for their SIMATIC NET CP Modules advisory that was originally published on September 9th, 2021.

NOTE: NCCIC-ICS did not update their advisory (ICSA-21-257-06) to reflect this change.

Siemens Update #3 – Siemens published an update for their WIBU CodeMeter advisory that was originally published on November 9th, 2021.

Siemens Update #4 – Siemens published an update for their OpenSSL vulnerabilities advisory that was originally reported on July 13th, 2021 and most recently updated on November 9th, 2021.

For more details on the advisories and updates, see my article at CFSN Detailed Analysis – https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-12-f8e – subscription required.

Read more

Explore the site

More from the blog

Latest News