ICS Patch Tuesday: Siemens Fixes 80 OpenSSL, OpenSSH Flaws in Switches

By Orbit Brain, December 14, 2022

By Eduard Kovacs on December 14, 2022

Industrial giants Siemens and Schneider Electric have addressed over 140 vulnerabilities with their December 2022 Patch Tuesday updates.

Siemens

As usual, Siemens released far more advisories and addressed far more vulnerabilities. Specifically, the company released 20 new advisories addressing roughly 140 security holes.

One of the advisories informs customers about patches for more than 80 OpenSSL and OpenSSH vulnerabilities affecting its Scalance X-200RNA switches. The CVEs mentioned in the advisory range between 2003 and 2019. This is the only advisory with an overall severity rating of 'critical'.

The same switches are also affected by six medium- and high-severity vulnerabilities that can be exploited for cross-site scripting (XSS) attacks, denial-of-service (DoS) attacks, and session hijacking.

In addition, Siemens informed customers that some of its products are impacted by two recently patched OpenSSL vulnerabilities tracked as CVE-2022-3602 and CVE-2022-3786. CVE-2022-3602 was initially classified as 'critical', but it was later downgraded to 'high'.

The company has also notified organizations using its products about high-severity issues in Sicam PAS, Apogee/Talon, Mendix, Teamcenter Visualization, JT2Go, Scalance, Simatic, Parasolid, Ruggedcom, and Simcenter STAR-CCM+ products.

Exploitation of the vulnerabilities can lead to remote code execution, privilege escalation, DoS attacks, information disclosure, and data manipulation.

Medium-severity vulnerabilities have been found in Siemens' PLM Help Server (not supported), Apogee/Talon field panels, Simatic WinCC OA, Siprotec 5 devices, and the Polarion application lifecycle management solution.

These medium-severity flaws can be exploited for XSS attacks, DoS attacks and command injection.

Siemens has released patches for some of the impacted products, but for many of them fixes will be released in the future. In the meantime, mitigations and workarounds have been made available.

Schneider Electric

Schneider Electric has only released three new advisories covering six vulnerabilities.

Based on CVSS scores, the most important advisory covers four critical and high-severity flaws affecting APC Easy UPS online monitoring software. Exploitation can lead to remote code execution, privilege escalation or authentication bypass.

The second advisory describes a high-severity improper authorization vulnerability whose exploitation could lead to unauthorized access and data disclosure.

The last advisory describes a medium-severity DoS issue affecting the Saitel DR remote terminal unit (RTU).

Schneider has released software and firmware updates that should patch these vulnerabilities.