Several industrial control systems (ICS) giants have published new security advisories this Patch Tuesday, including Rockwell Automation, Siemens, Schneider Electric, and Phoenix Contact.
Rockwell Automation published the highest number of new advisories this Patch Tuesday. The company released eight new advisories, all of them covering high-severity vulnerabilities found recently in the company’s products.
Rockwell fixed a sensitive data exposure issue in FactoryTalk Analytics LogixAI, and DoS and code execution issues in ControlLogix controllers. It also addressed a remote code execution vulnerability in Stratix (Cisco) devices, a memory corruption in 1783-NATR, an SSRF issue in Automation ThinManager, a remote code execution flaw in FactoryTalk Optix, and an information exposure issue in FactoryTalk Activation Manager.
Siemens has published seven new advisories. With a CVSS score of 9.3, one of the most serious issues impacts Simatic Virtualization as a Service and allows an attacker to access or alter sensitive data.
Another vulnerability with a ‘critical’ severity rating impacts Siemens’ User Management Component (UMC) and it can be exploited for unauthenticated remote code execution or DoS attacks.
Siemens also addressed high-severity issues in Simotion and Industrial Edge Management products. Advisories covering medium- and low-severity flaws have been published for Sinamics, Apogee PXC and Talon TC, and Sinec OS products.
Schneider Electric published only two new advisories this Patch Tuesday. One of them covers two medium-severity OS command injection issues in Saitel DR & Saitel DP RTU products. The second advisory informs customers about an XSS flaw in Altivar products.
Phoenix Contact has published two new advisories: one for two vulnerabilities in the Jq JSON processor used by FL Mguard, and one for a vulnerability introduced via Wibu’s CodeMeter Runtime.
Honeywell has published several advisories for building management products, including Maxpro and Pro-Watch NVR and VMS products.
CISA has published 9 new and 5 updated advisories. Of the new advisories, a vast majority cover the Rockwell Automation product vulnerabilities.
One CISA advisory informs organizations about ABB product vulnerabilities. The vendor published its own advisory for the flaws, which impact its Aspect building management system, earlier this month. The issues were reported to ABB by researcher Gjoko Krstic, who in January claimed to have found over 1,000 vulnerabilities in ABB products.
Germany’s CERT@VDE agency published seven new advisories this week, including for a critical Wago controller vulnerability that can be exploited without authentication for DoS attacks and to weaken credentials, resulting in default credentials being applied to the device.
CERT@VDE’s advisories also cover two other Wago product vulnerabilities, two Bender Charge Controller issues, and the recently disclosed Phoenix Contact flaws.