New Security Alerts from Siemens, Schneider Electric and CISA for ICS Systems
Security Updates Address Multiple Vulnerabilities Across Industries
This week’s Patch Tuesday saw several major vendors release security updates to address multiple vulnerabilities across various industries.
- Siemens released 18 new security advisories, including several critical ones, which affect a range of products such as Sentron 7KT PAC1261 Data Manager, Simatic S7 PLC web server, Ruggedcom Rox, ROS#, Simatic CN4100, and Opcenter RDnL.
- A notable concern is a recently disclosed vulnerability affecting Palo Alto Networks PAN-OS in Siemens’ Ruggedcom APE1808 product. This vulnerability has reportedly been exploited in the wild, potentially by Chinese state-sponsored actors.
- Siemens has resolved high-severity vulnerabilities in Simcenter Femap, Teamcenter, gPROMS Web Applications Publisher, and Ruggedcom Rox, which could allow for remote code execution.
- Schneider Electric published four new advisories addressing high-severity vulnerabilities in its EcoStruxure Panel Server; EasyLogic T150 and Saitel DP RTU; and EasyLogic, PowerLogic, Easergy, and EcoStruxure products. These vulnerabilities could enable sensitive information exposure, unauthorized file access, and session hijacking.
- Germany’s CERT@VDE also issued a new advisory describing a medium-severity denial-of-service (DoS) flaw in Codesys Modbus.
- The US Cybersecurity and Infrastructure Security Agency (CISA) released advisories for several ABB product vulnerabilities over the past two weeks. On Patch Tuesday, it also released advisories for security holes found in products from Subnet Solutions, Fuji Electric, Maxhub, and Johnson Controls.
These updates highlight the ongoing efforts of vendors to address emerging threats and vulnerabilities across various industries, underscoring the importance of timely patches and proactive security measures.
