Industrial giants Siemens and Schneider Electric on Tuesday released nearly a dozen security advisories describing a total of more than 50 vulnerabilities affecting their products.
The companies have released patches and mitigations to address these vulnerabilities.
Siemens has released 5 new advisories covering 33 vulnerabilities. The company informed customers that an update for its SINEC network management system patches 15 flaws, including ones that can be exploited for arbitrary code execution. While some of them have been assigned a high severity rating, exploitation requires authentication.
For its SCALANCE W1750D controller-based direct access points, Siemens released patches and mitigations covering 15 vulnerabilities, including critical weaknesses that can allow a remote, unauthenticated attacker to cause a DoS condition or execute arbitrary code on the underlying operating system. The W1750D is a brand-labeled device from Aruba, and a majority of the flaws exist in the ArubaOS operating system.
The company has also informed customers about a critical authentication vulnerability in the SIMATIC Process Historian. An attacker can exploit the flaw to insert, modify or delete data.
The two remaining advisories address high-severity denial of service (DoS) vulnerabilities in SINUMERIK controllers and RUGGEDCOM ROX devices. In the case of the RUGGEDCOM devices, an unauthenticated attacker could cause a permanent DoS condition in certain circumstances.
Schneider Electric has released 6 new advisories covering 20 vulnerabilities. One advisory describes the impact of 11 Windows flaws on the company’s Conext solar power plant products. The security holes were patched by Microsoft in 2019 and 2020 and many of them have critical or high severity ratings.
Another advisory describes two critical, one high-severity and one medium-severity vulnerabilities affecting Schneider’s IGSS SCADA system. The company says the worst case exploitation scenario “may lead to an attacker having access to the Windows Operating System on the machine running IGSS in production.”
The company also informed users about a high-severity information disclosure vulnerability affecting spaceLYnk, Wiser For KNX, and fellerLYnk products, and a high-severity command execution issue in the ConneXium network manager software.
The last advisory describes the impact of two AMNESIA:33 vulnerabilities on Modicon TM5 modules. AMNESIA:33 is the name assigned to 33 flaws identified last year across 4 open source TCP/IP stacks.