ICS Patch Tuesday: Siemens Fixes 80 OpenSSL, OpenSSH Flaws in Switches

By Eduard Kovacs on December 14, 2022

Industrial giants Siemens and Schneider Electric have addressed over 140 vulnerabilities with their December 2022 Patch Tuesday updates.

Siemens

As usual, Siemens released far more advisories and addressed far more vulnerabilities. Specifically, the company released 20 new advisories addressing roughly 140 security holes.

One of the advisories informs customers about patches for more than 80 OpenSSL and OpenSSH vulnerabilities affecting its Scalance X-200RNA switches. The CVEs mentioned in the advisory range between 2003 and 2019. This is the only advisory with an overall severity rating of ‘critical’.

The same switches are also affected by six medium- and high-severity vulnerabilities that can be exploited for cross-site scripting (XSS) attacks, denial-of-service (DoS) attacks, and session hijacking.

In addition, Siemens informed customers that some of its products are impacted by two recently patched OpenSSL vulnerabilities tracked as CVE-2022-3602 and CVE-2022-3786. CVE-2022-3602 was initially classified as ‘critical’, but it was later downgraded to ‘high’.

The company has also notified organizations using its products about high-severity issues in Sicam PAS, Apogee/Talon, Mendix, Teamcenter Visualization, JT2Go, Scalance, Simatic, Parasolid, Ruggedcom, and Simcenter STAR-CCM+ products.

Exploitation of the vulnerabilities can lead to remote code execution, privilege escalation, DoS attacks, information disclosure, and data manipulation.

Medium-severity vulnerabilities have been found in Siemens’ PLM Help Server (not supported), Apogee/Talon field panels, Simatic WinCC OA, Siprotec 5 devices, and the Polarion application lifecycle management solution.

These medium-severity flaws can be exploited for XSS attacks, DoS attacks and command injection.

Siemens has released patches for some of the impacted products, but for many of them fixes will be released in the future. In the meantime, mitigations and workarounds have been made available.

Schneider Electric

Schneider Electric has only released three new advisories covering six vulnerabilities.

Based on CVSS scores, the most important advisory covers four critical and high-severity flaws affecting APC Easy UPS online monitoring software. Exploitation can lead to remote code execution, privilege escalation or authentication bypass.

The second advisory describes a high-severity improper authorization vulnerability whose exploitation could lead to unauthorized access and data disclosure.

The last advisory describes a medium-severity DoS issue affecting the Saitel DR remote terminal unit (RTU).

Schneider has released software and firmware updates that should patch these vulnerabilities.