ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Rockwell, Schneider

Posted on By CWS

Industrial giants Siemens, Rockwell Automation, Schneider Electrical, and Phoenix Contact have revealed Patch Tuesday advisories informing prospects about vulnerabilities discovered of their ICS/OT merchandise.

Siemens has revealed 14 new advisories. An total severity ranking of ‘important’ has been assigned to a few advisories protecting dozens of third-party element vulnerabilities affecting Comos, Sicam T, and Ruggedcom ROX merchandise. 

A ‘excessive severity’ ranking has been assigned to vulnerabilities present in Siemens Superior Licensing (SALT) Toolkit, IAM Consumer (a number of merchandise), Simatic CN 4100, Ruggedcom ROX, Interniche IP-Stack (a number of merchandise), and Sinec Safety Monitor.

Medium-severity points have been addressed in Vitality Companies, Constructing X-Safety Supervisor Edge Controller, Gridscale X Prepay, Ruggedcom ROS, and Sinema Distant Join Server merchandise.

The vulnerabilities might be exploited for arbitrary code execution, denial of service (DoS), unauthorized entry, man-in-the-middle (MitM) assaults, and acquiring delicate data. 

Schneider Electrical has revealed two new advisories. One among them describes the impression of an exploited Home windows Server Replace Companies (WSUS) vulnerability on the economic big’s EcoStruxure Foxboro DCS product. The second advisory covers the impression of the previous ZombieLoad vulnerability on the identical EcoStruxure product.

Rockwell Automation has additionally revealed two new advisories. One among them covers a high-severity DoS difficulty affecting the 432ES-IG3 Collection A GuardLink EtherNet/IP interface. The second advisory describes a high-severity SQL injection in FactoryTalk DataMosaix Personal Cloud.

Phoenix Contact has revealed one advisory, describing a number of XSS, DoS, authentication, and knowledge publicity vulnerabilities present in its FL SWITCH 2xxx collection switches. Commercial. Scroll to proceed studying.

The Phoenix Contact advisory has additionally been picked up by Germany’s VDE CERT. 

CISA revealed three new advisories. Every of them describes one vulnerability affecting CCTV cameras in India (lacking authentication), Festo LX Equipment (XSS), and U-Boot (code execution). 

Associated: ICS Patch Tuesday: Fixes Introduced by Siemens, Schneider, Rockwell, ABB, Phoenix Contact

Associated: International Cyber Businesses Problem AI Safety Steering for Essential Infrastructure OT

Associated: ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Rockwell, Aveva, Schneider

Security Week News Tags:, , , , , , ,

Related Posts

‘ZombieAgent’ Attack Let Researchers Take Over ChatGPT Security Week News
SIM Farm Dismantled in Europe, Seven Arrested Security Week News
MITRE Launches New Security Framework for Embedded Systems  Security Week News
Chinese Cyberspies Deploy ‘BadAudio’ Malware via Supply Chain Attacks Security Week News
Nikkei Says 17,000 Impacted by Data Breach Stemming From Slack Account Hack Security Week News
Saporo Raises $8 Million for Identity Security Platform Security Week News