
ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, Phoenix Contact

Several vulnerabilities have been patched and mitigated across the industrial giants’ products. The post ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, Phoenix Contact appeared first on SecurityWeek.


Industrial giants Siemens, Schneider Electric, Aveva, and Phoenix Contact have published Patch Tuesday advisories informing customers about vulnerabilities found in their ICS/OT products.

Siemens has published eight new advisories. The company has released patches and mitigations for high-severity issues in Desigo CC, Sentron Powermanager, Simcenter Femap and Nastran, NX, Sinec NMS, Solid Edge, and Polarion products. A medium-severity flaw has been found in Siveillance Video Management Servers. 

Exploitation of the vulnerabilities can lead to unauthorized access, XSS, DoS, code execution, and privilege escalation. 

Siemens has also released an advisory that describes the lack of anti-tamper protections and modern exploit mitigation controls in the Siport desktop client application. “As a result, the application is susceptible to unauthorized modification and potential abuse,” the company explained.

Schneider Electric published two new advisories. One describes two high-severity flaws that can lead to DoS, information disclosure, or code execution in EcoStruxure Building Operation Workstation and WebStation.

The second advisory describes a critical issue that can result in DoS or code execution on SCADAPack RTUs.

Aveva has informed customers about a high-severity DoS vulnerability in PI Data Archive and a medium-severity unauthorized access issue in PI to Connect Agent.

Phoenix Contact has released an advisory to address a 2024 OpenSSL vulnerability. The advisory was also picked up by Germany’s VDE CERT, which additionally published an advisory for Wago managed switch flaws.

CISA published five new advisories on Patch Tuesday. They describe vulnerabilities in Yokogawa Fast/Tools, Zlan ZLAN5143D, and the Zoll ePCR mobile application, as well as the Aveva issues disclosed on Tuesday.

In the days leading up to Patch Tuesday, advisories were published by Mitsubishi Electric for vulnerabilities in Freqship-mini for Windows and Melsec iQ-R, and by Moxa for security holes in industrial computers and switches.
