CSAF ICSA-25-037-01 wrong dates #165

Open
tschmidtb51 opened this issue Feb 7, 2025 · 4 comments

🐛 Summary

The CSAF https://github.com/cisagov/CSAF/blob/f8f812b3ff077729bed453fd1d8aa39c54fbf3f0/csaf_files/OT/white/2025/icsa-25-037-01.json#L176-192 uses 2024-10-08T00:00:00.000000Z as the date when the advisory was clearly meant to have 2025-02-06T07:00:00.000000Z according to https://www.cisa.gov/news-events/ics-advisories/icsa-25-037-01

To reproduce

Steps to reproduce the behavior:

  1. Look at the dates on the website
  2. Look at the dates in the JSON

Expected behavior

Should match

Any helpful log output or screenshots

Please do not forget to add a new revision entry for the fix - otherwise automated systems are unable to pick this up. Also be aware of the semantic version rules when creating the new entry.
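
A consistency check for the tracking dates reported above, as an added example that is not part of the issue or of the project's own code. It assumes the CSAF 2.0 `/document/tracking` fields; `check_tracking` and `tracking` are hypothetical helpers, and both sample documents (including the 2025-02-12 revision date) are constructed.

```python
from datetime import datetime

def parse_ts(value):
    # CSAF timestamps are RFC 3339; map a trailing "Z" to an explicit UTC offset.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_tracking(doc, published):
    """Compare /document/tracking with the publication time shown on the web page."""
    t = doc["document"]["tracking"]
    first_public = parse_ts(published)
    findings = []
    if parse_ts(t["initial_release_date"]) != first_public:
        findings.append("initial_release_date differs from web page")
    history = sorted(t["revision_history"], key=lambda r: parse_ts(r["date"]))
    for rev in history:
        if parse_ts(rev["date"]) < first_public:
            findings.append(f"revision {rev['number']} predates publication")
    newest = history[-1]
    # A fix without a new revision entry shows up as one of these two mismatches.
    if parse_ts(t["current_release_date"]) != parse_ts(newest["date"]):
        findings.append("current_release_date differs from newest revision")
    if t["version"] != newest["number"]:
        findings.append("version differs from newest revision number")
    return findings

def tracking(initial, current, version, revisions):
    # Build a minimal constructed CSAF document holding only the tracking block.
    history = [{"number": n, "date": d, "summary": s} for n, d, s in revisions]
    return {"document": {"tracking": {
        "initial_release_date": initial, "current_release_date": current,
        "version": version, "revision_history": history}}}

PUBLISHED = "2025-02-06T07:00:00.000000Z"   # date on the advisory web page
OLD = "2024-10-08T00:00:00.000000Z"         # date found in the JSON
FIX = "2025-02-12T07:00:00.000000Z"         # constructed date for a fix revision

# Constructed: every tracking date still carries the older timestamp.
STALE = tracking(OLD, OLD, "1", [("1", OLD, "Initial version.")])
# Constructed: dates corrected and a new revision entry added for the fix.
CORRECTED = tracking(PUBLISHED, FIX, "2", [("1", PUBLISHED, "Initial version."),
                                           ("2", FIX, "Corrected dates.")])
# Constructed: release date bumped, but no revision entry added.
NO_ENTRY = tracking(PUBLISHED, FIX, "1", [("1", PUBLISHED, "Initial version.")])

if __name__ == "__main__":
    for name, doc in (("stale", STALE), ("corrected", CORRECTED), ("no entry", NO_ENTRY)):
        print(name, check_tracking(doc, PUBLISHED))
```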

Author

tschmidtb51 commented Feb 7, 2025

Also, the advisories list Schneider Electric EcoStruxure Power Monitoring Expert (PME) Version 2022 as fixed (as extra product) and Schneider Electric EcoStruxure\u2122 Power Monitoring Expert (PME) Version 2022 and prior (as product version range). So the version 2022 is basically Schroedinger's product (fixed and affected at the same time).
The PDF states that there is a hotfix - the hotfix also needs to be added to the product tree - see CSAF writers' guild. (It is also wrong in Schneider's CSAF).

@tschmidtb51
Author

It looks like the dates were taken from the original CSAF from Schneider - looks like your CSAF modifier didn't change the value correctly.

@tschmidtb51
Author

@mstrad Happy to review it before you push it, if you want to.

Collaborator

mstrad commented Feb 11, 2025

Acknowledged, we are looking into this internally.
