ICS Patch Tuesday: Siemens, Schneider Electric Address 59 Vulnerabilities

By Orbit Brain, July 13, 2022
By Eduard Kovacs on July 12, 2022

Industrial giants Siemens and Schneider Electric have released their Patch Tuesday security advisories for July 2022, with a total of 13 advisories describing 59 vulnerabilities.

Siemens

Siemens has released 19 new advisories that describe 46 vulnerabilities affecting the company's products. Two advisories are for flaws that have been rated "critical" with a CVSS score of 10.

As a sidenote, CVSS scores are often misleading in the case of vulnerabilities found in industrial control systems (ICS), but vendors often highlight the CVSS score, so this summary will also focus on the security holes with the highest scores. Industrial organizations should check all advisories from the two vendors and assess the risks for their specific environment.

One of the advisories describes three critical and high-severity vulnerabilities in the SIMATIC CP 1543-1 communication processor. Siemens says exploitation of the flaws can lead to arbitrary code execution with elevated privileges, but attacks can only be launched if the Remote Connect Server (SRCS) VPN feature is used; the feature is not enabled by default.

The second advisory describes one critical and one high-severity vulnerability in the SIMATIC eaSie digital assistant. The bugs can be exploited remotely to send arbitrary requests to the system and cause a DoS condition.

Another critical vulnerability addressed in Siemens' latest round of advisories is a DHCP issue that affects older SINAMICS Perfect Harmony GH180 drives and can allow access to the drive's internal network.

The company has also informed customers about a critical authentication bypass vulnerability in the Opcenter Quality quality management system.

SCALANCE X switches are affected by several critical and high-severity flaws that can be exploited for DoS attacks or brute force attacks that can lead to session hijacking.

Ten advisories describe high-severity vulnerabilities. One of them covers 20 vulnerabilities in the company's PADS Viewer product, which can be exploited for remote code execution by tricking the targeted user into opening a specially crafted file.

Other high-severity advisories describe issues in EN100 Ethernet modules, RUGGEDCOM ROS and ROX devices, SIMATIC MV500 devices, Simcenter Femap and Parasolid design tools, JT2Go and Teamcenter visualization products, and SICAM A8000 devices. They include command injection, DoS, remote code execution, and authentication issues.

Medium-severity vulnerabilities have been found in Mendix applications and SICAM GridEdge software.

Siemens has started releasing patches, but fixes may not yet be available for certain products. Until those patches do become available, the vendor recommends mitigations and workarounds.

Schneider Electric

Schneider Electric has released four new advisories that describe 13 vulnerabilities. One of them describes a high-severity OS command injection issue in the SpaceLogic C-Bus Home Controller product.

Schneider has also informed customers that some of its OPC UA and X80 advanced RTU communication modules are affected by three high-severity vulnerabilities that can be exploited for DoS attacks, as well as four medium-severity bugs that could allow an attacker to load an unauthorized firmware image.

The company has also released an advisory for high- and medium-severity flaws in Easergy P5 protection relays that could allow an attacker to cause a DoS condition, obtain a device's credentials, or gain full control of a relay.

One medium-severity vulnerability that can be leveraged to gain access to other devices on the network has been found in Schneider's Acti9 PowerTag Link C energy monitoring product.

The vendor has released patches and/or mitigations for these vulnerabilities.