Today, CISA’s NCCIC-ICS published seven control system security
advisories for products from Siemens (4), Siemens Electric, and Mitsubishi (2).
They also published three updates for products from Mistusbishi, Siemens, and
SICAM Advisory #1 – This advisory
describes an unquoted search path or element vulnerability in their SICAM PQ
SICAM Advisory #2 – This advisory
describes two vulnerabilities in the Siemens SICAM A8000.
COMOS Advisory – This advisory
describes four vulnerabilities in the Siemens COMOS Web unified data platform.
SIPROTEC Advisory – This advisory
describes an improper input validation vulnerability in the SIPROTEC 5 products.
MELSEC-F Advisory #1 – This advisory
describes an improper initialization vulnerability in the Mitsubishi MELSEC-F
Series with FX3U-ENET Ethernet-Internet block.
MELSEC-F Advisory #2 – This advisory
describes a lack of administrative control over security vulnerability in the
Mitsubishi MELSEC-F Series with FX3U-ENET Ethernet-Internet block.
Trane Update – This update
provides additional information on an advisory that was originally published on
September 23rd, 2021.
Other Siemens Updates – Siemens published
six other updates yesterday that have not been covered by NCCIC-ICS. I will be
covering them this weekend.
For more details on these advisories see my article at CFSN
Detailed Analysis – https://patrickcoyle.substack.com/p/7-advisories-and-3-updates-published
– subscription required.