Yesterday CISA’s NCCIC-ICS published seven updates for
control system security advisories for products from Siemens.

PROFINET Update

This update
provides additional information on an advisory that was originally
published
on October 10th, 2019 and most
recently updated
on September 8th, 2020. The new information
includes:

• Updating affected version
information and adding mitigation measures for or SIMATIC ET200SP IM155-6 PN HA,
and

• Listing ecoPN model (6ES7148-6JG00-0BB0)
as not affected.

TIA Portal Update

This update
provides additional information on an advisory that was originally
published
on January 14th, 2020 and most
recently updated
on April 14th, 2020. The new information
includes updating affected version information and adding mitigation measures
for TIA Portal V14.

Simatic PCS 7 Update

This update
provides additional information on an advisory that was originally
published
on February 11th, 2020 and most
recently updated
on September 8th, 2020. The new information
includes adding mitigation measures for SIMATIC WinCC (TIA Portal) V14.

SCALANCE Update

This update
provides additional information on an advisory that was originally
published
on April 14th, 2020 and most
recently updated
on September 8th, 2020. The new information
includes removing the SCALANCE S-600 family as it is not affected.

SIMOTICS Update

This update
provides additional information on an advisory that was originally
published
on April 14th, 2020. The new information includes updating
affected versions and adding mitigation measures for:

• Desigo PXC, and

• Desigo PXM20

SIMATIC Update

This update
provides additional information on an advisory that was originally
published
on July 9th, 2020 and most
recently updated
on December 8th, 2020. The new information
includes updating affected versions and adding mitigation measures for:

• SIMATIC STEP 7 (TIA Portal) V14,
and

• SIMATIC WinCC Runtime
Professional V14

Opcenter Update

This update
provides additional information on an advisory that was originally
published
on July 14th, 2020 and most
recently updated
on August 11th, 2020. Then new information
includes:

• Adding an insufficiently
protected credentials vulnerability – CVE-2020-28390, and

• Updating mitigation measures

 

Additional Siemens Advisory

 

Siemens published
one additional advisory that was not addressed by NCCIC-ICS yesterday. I will
address that this weekend.

By admin