Major industrial companies including Siemens, Schneider Electric, Aveva, Rockwell Automation, ABB, Phoenix Contact, Mitsubishi Electric, and Moxa have disclosed new security advisories following the recent Patch Tuesday. These announcements address a range of vulnerabilities affecting their Industrial Control Systems (ICS).
Siemens Leads with Nine Advisories
Siemens has been proactive, issuing nine new advisories. Among these, a critical advisory addresses older Wi-Fi vulnerabilities in Scalance W-700 devices. The company has also resolved high-severity issues in Sinec NMS, Ruggedcom Crossbow, and Industrial Edge Management, involving authentication bypass and privilege escalation risks. Additionally, medium-severity vulnerabilities in their TPM and Analytics Toolkit have been mitigated.
Siemens is also participating in the CVE Program’s new Supplier Authorized Data Publisher (SADP) initiative, allowing vendors to enhance vulnerability details. Other tech leaders like Cisco and Microsoft are part of this pilot project.
Schneider Electric and Aveva Announcements
Schneider Electric has released three advisories, one of which details the impact of the recently disclosed BlastRadius vulnerability on Modicon Networking Managed Switches. The remaining advisories cover medium-severity vulnerabilities in PowerChute Serial Shutdown software and Easergy MiCOM Px40 relays.
Aveva has alerted customers to a critical flaw in Pipeline Simulation, involving missing authorization and privilege escalation vulnerabilities.
Rockwell, ABB, and Other Industry Updates
Rockwell Automation has issued a critical notice advising customers to disconnect PLCs from the internet due to potential threat activities, possibly linked to Iranian threat groups targeting critical infrastructure.
ABB announced four advisories, three concerning third-party vulnerabilities in Ability Camera Connect and System 800xA, and a DoS vulnerability in the System 800xA and Symphony Plus IEC 61850 stack.
Phoenix Contact, Mitsubishi Electric, and Moxa have also issued advisories addressing various vulnerabilities, from DoS threats in Realtek chips to privilege escalation issues in MxGeneralIo.
Continued Vigilance in ICS Security
Since the last Patch Tuesday, organizations like CISA and Germany’s CERT@VDE have issued advisories for numerous other manufacturers, highlighting the ongoing need for vigilance in ICS security. As these new advisories demonstrate, maintaining updated security measures is crucial in protecting critical infrastructure from emerging threats.
