ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Rockwell, Schneider

Posted on By CWS

Industrial giants Siemens, Rockwell Automation, Schneider Electrical, and Phoenix Contact have revealed Patch Tuesday advisories informing prospects about vulnerabilities discovered of their ICS/OT merchandise.

Siemens has revealed 14 new advisories. An total severity ranking of ‘important’ has been assigned to a few advisories protecting dozens of third-party element vulnerabilities affecting Comos, Sicam T, and Ruggedcom ROX merchandise. 

A ‘excessive severity’ ranking has been assigned to vulnerabilities present in Siemens Superior Licensing (SALT) Toolkit, IAM Consumer (a number of merchandise), Simatic CN 4100, Ruggedcom ROX, Interniche IP-Stack (a number of merchandise), and Sinec Safety Monitor.

Medium-severity points have been addressed in Vitality Companies, Constructing X-Safety Supervisor Edge Controller, Gridscale X Prepay, Ruggedcom ROS, and Sinema Distant Join Server merchandise.

The vulnerabilities might be exploited for arbitrary code execution, denial of service (DoS), unauthorized entry, man-in-the-middle (MitM) assaults, and acquiring delicate data. 

Schneider Electrical has revealed two new advisories. One among them describes the impression of an exploited Home windows Server Replace Companies (WSUS) vulnerability on the economic big’s EcoStruxure Foxboro DCS product. The second advisory covers the impression of the previous ZombieLoad vulnerability on the identical EcoStruxure product.

Rockwell Automation has additionally revealed two new advisories. One among them covers a high-severity DoS difficulty affecting the 432ES-IG3 Collection A GuardLink EtherNet/IP interface. The second advisory describes a high-severity SQL injection in FactoryTalk DataMosaix Personal Cloud.

Phoenix Contact has revealed one advisory, describing a number of XSS, DoS, authentication, and knowledge publicity vulnerabilities present in its FL SWITCH 2xxx collection switches. Commercial. Scroll to proceed studying.

The Phoenix Contact advisory has additionally been picked up by Germany’s VDE CERT. 

CISA revealed three new advisories. Every of them describes one vulnerability affecting CCTV cameras in India (lacking authentication), Festo LX Equipment (XSS), and U-Boot (code execution). 

Associated: ICS Patch Tuesday: Fixes Introduced by Siemens, Schneider, Rockwell, ABB, Phoenix Contact

Associated: International Cyber Businesses Problem AI Safety Steering for Essential Infrastructure OT

Associated: ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Rockwell, Aveva, Schneider

Security Week News Tags:, , , , , , ,

Related Posts

Going Into the Deep End: Social Engineering and the AI Flood Security Week News
Black Hat USA 2025 – Summary of Vendor Announcements (Part 4) Security Week News
Identity Security Firm Saviynt Raises $700 Million at $3 Billion Valuation  Security Week News
Critical HPE OneView Vulnerability Exploited in Attacks Security Week News
GlassWorm Malware Returns to Open VSX, Emerges on GitHub Security Week News
Organizations Warned of Exploited Adobe AEM Forms Vulnerability Security Week News