ICS Patch Tuesday: Siemens Fixes 80 OpenSSL, OpenSSH Flaws in Switches By Orbit Brain December 14, 2022 0 411 views Cyber Security News House › ICS/OTICS Patch Tuesday: Siemens Fixes 80 OpenSSL, OpenSSH Flaws in SwitchesBy Eduard Kovacs on December 14, 2022TweetIndustrial giants Siemens and Schneider Electrical have addressed over 140 vulnerabilities with their December 2022 Patch Tuesday updates.SiemensAs regular, Siemens launched way more advisories and addressed way more vulnerabilities. Particularly, the corporate launched 20 new advisories addressing roughly 140 safety holes.One of many advisories informs prospects about patches for greater than 80 OpenSSL and OpenSSH vulnerabilities affecting its Scalance X-200RNA switches. The CVEs talked about within the advisory vary between 2003 and 2019. That is the one advisory with an total severity ranking of ‘crucial’.The identical switches are additionally affected by six medium- and high-severity vulnerabilities that may be exploited for cross-site scripting (XSS) assaults, denial-of-service (DoS) assaults, and session hijacking.As well as, Siemens knowledgeable prospects that a few of its merchandise are impacted by two just lately patched OpenSSL vulnerabilities tracked as CVE-2022-3602 and CVE-2022-3786. CVE-2022-3602 was initially categorized as ‘crucial’, however it was later downgraded to ‘excessive’.The corporate has additionally notified organizations utilizing its merchandise about high-severity points in Sicam PAS, Apogee/Talon, Mendix, Teamcenter Visualization, JT2Go, Scalance, Simatic, Parasolid, Ruggedcom, and Simcenter STAR-CCM+ merchandise.Exploitation of the vulnerabilities can result in distant code execution, privilege escalation, DoS assaults, data disclosure, and knowledge manipulation.Medium-severity vulnerabilities have been present in Siemens’ PLM Assist Server (not supported), Apogee/Talon discipline panels, Simatic WinCC OA, Siprotec 5 units, and the Polarion utility lifecycle administration answer.These medium-severity flaws may be exploited for XSS assaults, DoS assaults and command injection.Siemens has launched patches for a number of the impacted merchandise, however for a lot of of them fixes can be launched sooner or later. Within the meantime, mitigations and workarounds have been made out there.Schneider ElectricalSchneider Electrical has solely launched three new advisories protecting six vulnerabilities.Primarily based on CVSS scores, an important advisory covers 4 crucial and high-severity flaws affecting APC Simple UPS on-line monitoring software program. Exploitation can result in distant code execution, privilege escalation or authentication bypass.The second advisory describes a high-severity improper authorization vulnerability whose exploitation may result in unauthorized entry and knowledge disclosure.The final advisory describes a medium-severity DoS concern affecting the Saitel DR distant terminal unit (RTU).Schneider has launched software program and firmware updates that ought to patch these vulnerabilities.Associated: ICS Patch Tuesday: Siemens, Schneider Electrical Launch 19 New Safety AdvisoriesAssociated: ICS Patch Tuesday: Siemens Addresses Crucial VulnerabilitiesGet the Each day Briefing Most CurrentMost LearnCISA Warns Veeam Backup & Replication Vulnerabilities Exploited in AssaultsGoogle Broadcasts Vulnerability Scanner for Open Supply BuildersExcessive-Severity Reminiscence Security Bugs Patched With Newest Chrome 108 ReplaceSAP’s December 2022 Safety Updates Patch Crucial VulnerabilitiesSafety Corporations Warn Microsoft of Signed Drivers Used to Kill EDR, AV ProcessesEU Strikes Nearer to Stitching Up New Information Switch Deal With USApple Patches Zero-Day Vulnerability Exploited Towards iPhonesICS Patch Tuesday: Siemens Fixes 80 OpenSSL, OpenSSH Flaws in SwitchesHackerOne Surpasses $230 Million in Paid Bug BountiesPatch Tuesday: Microsoft Plugs Home windows Gap Exploited in Ransomware AssaultsSearching for Malware in All of the Flawed Locations?First Step For The Web’s subsequent 25 years: Including Safety to the DNSTattle Story: What Your Pc Says About YouBe in a Place to Act By means of Cyber Situational ConsciousnessReport Reveals Closely Regulated Industries Letting Social Networking Apps Run Rampant2010, A Nice Yr To Be a Scammer.Do not Let DNS be Your Single Level of FailureTips on how to Establish Malware in a BlinkDefining and Debating Cyber WarfareThe 5 A’s that Make Cybercrime so EngagingTips on how to Defend Towards DDoS AssaultsSafety Budgets Not in Line with ThreatsAnycast – Three Causes Why Your DNS Community Ought to Use ItThe Evolution of the Prolonged Enterprise: Safety Methods for Ahead Pondering OrganizationsUtilizing DNS Throughout the Prolonged Enterprise: It’s Dangerous Enterprise December 2022 ICS OpenSSH openssl patch tuesday vulnerabilities Orbit Brainhttp://orbitbrain.com/ Orbit Brain is the senior science writer and technology expert. Our aim provides the best information about technology and web development designing SEO graphics designing video animation tutorials and how to use software easy ways and much more. Like Best Service Latest Technology, Information Technology, Personal Tech Blogs, Technology Blog Topics, Technology Blogs For Students, Futurism Blog.
Cybersecurity M&A Roundup: 45 Deals Announced in June 2022Introducing the Cyber Security News Cybersecurity M&A Roundup: 45 Deals Announced in June 2022.... July 7, 2022 Cyber Security News
IBM Security: Cost of Data Breach Hitting All-Time HighsIntroducing the Cyber Security News IBM Security: Cost of Data Breach Hitting All-Time Highs.... July 28, 2022 Cyber Security News
Recently Disclosed Vulnerability Exploited to Hack Hundreds of SugarCRM ServersIntroducing the Cyber Security News Recently Disclosed Vulnerability Exploited to Hack Hundreds of SugarCRM Servers.... January 12, 2023 Cyber Security News
North Korean Hackers Use Fake Job Offers to Deliver New macOS MalwareIntroducing the Cyber Security News North Korean Hackers Use Fake Job Offers to Deliver New macOS Malware.... August 18, 2022 Cyber Security News
New ‘RisePro’ Infostealer Increasingly Popular Among CybercriminalsIntroducing the Cyber Security News New ‘RisePro’ Infostealer Increasingly Popular Among Cybercriminals.... December 20, 2022 Cyber Security News
High-Profile Hacks Show Effectiveness of MFA Fatigue AttacksIntroducing the Cyber Security News High-Profile Hacks Show Effectiveness of MFA Fatigue Attacks.... September 28, 2022 Cyber Security News