ICS Patch Tuesday: Siemens Fixes 80 OpenSSL, OpenSSH Flaws in Switches


By Eduard Kovacs on December 14, 2022


Industrial giants Siemens and Schneider Electric have addressed over 140 vulnerabilities with their December 2022 Patch Tuesday updates.

Siemens

As usual, Siemens released far more advisories and addressed far more vulnerabilities. Specifically, the company released 20 new advisories addressing roughly 140 security holes.

One of the advisories informs customers about patches for more than 80 OpenSSL and OpenSSH vulnerabilities affecting its Scalance X-200RNA switches. The CVEs mentioned in the advisory range between 2003 and 2019. This is the only advisory with an overall severity rating of ‘critical’.

The same switches are also affected by six medium- and high-severity vulnerabilities that can be exploited for cross-site scripting (XSS) attacks, denial-of-service (DoS) attacks, and session hijacking.

In addition, Siemens informed customers that some of its products are impacted by two recently patched OpenSSL vulnerabilities tracked as CVE-2022-3602 and CVE-2022-3786. CVE-2022-3602 was initially classified as ‘critical’, but it was later downgraded to ‘high’.

The company has also notified organizations using its products about high-severity issues in Sicam PAS, Apogee/Talon, Mendix, Teamcenter Visualization, JT2Go, Scalance, Simatic, Parasolid, Ruggedcom, and Simcenter STAR-CCM+ products.

Exploitation of the vulnerabilities can lead to remote code execution, privilege escalation, DoS attacks, information disclosure, and data manipulation.

Medium-severity vulnerabilities have been found in Siemens’ PLM Help Server (not supported), Apogee/Talon field panels, Simatic WinCC OA, Siprotec 5 devices, and the Polarion application lifecycle management solution.

These medium-severity flaws can be exploited for XSS attacks, DoS attacks and command injection.

Siemens has released patches for some of the impacted products, but for many of them fixes will be released in the future. In the meantime, mitigations and workarounds have been made available.

Schneider Electric

Schneider Electric has only released three new advisories covering six vulnerabilities.

Based on CVSS scores, the most important advisory covers four critical and high-severity flaws affecting APC Easy UPS online monitoring software. Exploitation can lead to remote code execution, privilege escalation or authentication bypass.

The second advisory describes a high-severity improper authorization vulnerability whose exploitation could lead to unauthorized access and data disclosure.

The last advisory describes a medium-severity DoS issue affecting the Saitel DR remote terminal unit (RTU).

Schneider has released software and firmware updates that should patch these vulnerabilities.
