Cyber Affairs
No Result
View All Result
  • Login
  • Register
  • Home
  • Live Threat Map
  • Books
  • Careers
  • Latest
  • Podcast
  • Popular
  • Press Release
  • Reports
  • Tech Indexes
  • White Papers
  • Contact
  • AI
  • Cyber Crime
  • Intelligence
  • Laws & Regulations
  • Cyber Warfare
  • Hacktivism
  • More
    • Digital Influence Mercenaries
    • Digital Diplomacy
    • Electronic Warfare
    • Emerging Technologies
    • ICS-SCADA
    • Books
    • Careers
    • Cyber Crime
    • Cyber Intelligence
    • Cyber Laws & Regulations
    • Cyber Warfare
    • Digital Diplomacy
    • Digital Influence Mercenaries
    • Electronic Warfare
    • Emerging Technologies
    • Hacktivism
    • ICS-SCADA
    • News
    • Podcast
    • Reports
    • Tech Indexes
    • White Papers
COMMUNITY
NEWSLETTER
  • AI
  • Cyber Crime
  • Intelligence
  • Laws & Regulations
  • Cyber Warfare
  • Hacktivism
  • More
    • Digital Influence Mercenaries
    • Digital Diplomacy
    • Electronic Warfare
    • Emerging Technologies
    • ICS-SCADA
    • Books
    • Careers
    • Cyber Crime
    • Cyber Intelligence
    • Cyber Laws & Regulations
    • Cyber Warfare
    • Digital Diplomacy
    • Digital Influence Mercenaries
    • Electronic Warfare
    • Emerging Technologies
    • Hacktivism
    • ICS-SCADA
    • News
    • Podcast
    • Reports
    • Tech Indexes
    • White Papers
NEWSLETTER
No Result
View All Result
Cyber Affairs
No Result
View All Result
  • Cyber Crime
  • Cyber Intelligence
  • Cyber Laws & Regulations
  • Cyber Warfare
  • Digital Diplomacy
  • Digital Influence Mercenaries
  • Electronic Warfare
  • Emerging Technologies
  • Hacktivism
  • ICS-SCADA
  • Reports
  • White Papers
Home ICS-SCADA

ICS Patch Tuesday: Siemens, Schneider Electric Address Over 80 Vulnerabilities

admin by admin
Dec 23, 2022
in ICS-SCADA
0 0
A A
0
FacebookTwitterLinkedIn

Siemens and Schneider Electric have released their Patch Tuesday advisories for June 2022. The industrial giants have addressed a total of more than 80 vulnerabilities affecting their products.

Siemens

Siemens has released 14 advisories covering 59 vulnerabilities. Thirty of these flaws, including many rated “critical” and “high severity,” impact SINEMA Remote Connect Server. The security holes, many of which affect third-party components, can lead to remote code execution, authentication bypass, privilege escalation, command injection and information disclosure.

Several critical vulnerabilities, some of which can be exploited without authentication, have been found and patched in the SICAM GridEdge application.

A critical issue related to hardcoded credentials has been resolved in Teamcenter, but the affected component is not installed by default.

Learn more about vulnerabilities in industrial systems at

SecurityWeek’s ICS Cyber Security Conference

Critical vulnerabilities have also been found in third-party components used by the SCALANCE LPE9000 local processing engine. In addition, some Apache HTTP server vulnerabilities, including critical bugs, have been found to impact RUGGEDCOM, SINEC and SINEMA products.

High-severity flaws have been found in Spectrum Power, Mendix, EN100, SCALANCE LPE9403, SINUMERIK Edge, and Xpedition Designer products. In addition, a high-severity DoS vulnerability in OpenSSL has been found to impact tens of Siemens products, but patches have yet to be released for most of them.

Medium-severity issues have been fixed in Teamcenter Active Workspace, SCALANCE XM-400 and XR-500 devices, and SINEMA Remote Connect Server.

For many of these vulnerabilities, Siemens has only released mitigations and is still working on patches.

Schneider Electric

Schneider Electric has released eight advisories to address 24 vulnerabilities identified in its products.

Seven critical flaws that could be exploited for remote code execution have been found in the Data Server module for the IGSS SCADA product.

Two critical authentication-related vulnerabilities have been found in C-Bus Home Automation products.

The industrial giant has also informed customers about four high-severity issues related to credentials and data deserialization in the StruxureWare Data Center Expert product.

Conext ComBox is affected by vulnerabilities that can lead to clickjacking, brute-force, and CSRF attacks. EcoStruxure Cybersecurity Admin Expert is affected by two high-severity bugs that can allow device spoofing and man-in-the-middle attacks.

Medium- and low-severity vulnerabilities have been found in the Geo SCADA Mobile, EcoStruxure Power Commission, and CanBRASS products.

Schneider has released patches for all of these vulnerabilities, except for Conext ComBox, which the company discontinued in January 2020. For this product, the company recommends mitigations that reduce the risk of exploitation.

Related: ICS Patch Tuesday: Siemens, Schneider Electric Address 43 Vulnerabilities

Related: ICS Patch Tuesday: Siemens, Schneider Fix Several Critical Vulnerabilities

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Previous Columns by Eduard Kovacs:
Tags:



Read the full article here

ShareTweetSharePinShareShareSend

Related Articles

2023 ICS Patch Tuesday Debuts With 12 Security Advisories From Siemens, Schneider
ICS-SCADA

Industry Reactions to ‘OT:Icefall’ Vulnerabilities Found in ICS Products

2023 ICS Patch Tuesday Debuts With 12 Security Advisories From Siemens, Schneider
ICS-SCADA

Uber Settles With Federal Investigators Over 2016 Data Breach Coverup

2023 ICS Patch Tuesday Debuts With 12 Security Advisories From Siemens, Schneider
ICS-SCADA

Thousands of VNC Instances Exposed to Internet as Attacks Increase

Yucatan is at the forefront in Cybersecurity – The Yucatan Times
ICS-SCADA

Yucatan is at the forefront in Cybersecurity – The Yucatan Times

2023 ICS Patch Tuesday Debuts With 12 Security Advisories From Siemens, Schneider
ICS-SCADA

Ransomware Group Claims Access to SCADA in Confusing UK Water Company Hack

Why OT Environments Are Getting Attacked And What Organizations Can Do About It
ICS-SCADA

Why OT Environments Are Getting Attacked And What Organizations Can Do About It

Hacktivist Attacks Show Ease of Hacking Industrial Control Systems
ICS-SCADA

ICS Patch Tuesday: Siemens, Schneider Electric Fix High-Severity Vulnerabilities

Microsoft confirms Exchange zero-day flaws actively exploited in the wildSecurity Affairs
ICS-SCADA

Microsoft confirms Exchange zero-day flaws actively exploited in the wildSecurity Affairs

Lazarus employed an exploit in a Dell firmware driver in recent attacksSecurity Affairs
ICS-SCADA

Lazarus employed an exploit in a Dell firmware driver in recent attacksSecurity Affairs

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended Stories

Understanding the Implications & Guarding Privacy- Axios Security Group

Understanding the Implications & Guarding Privacy- Axios Security Group

Hackers Actively Using Pupy RAT to Attack Linux Systems

Hackers Actively Using Pupy RAT to Attack Linux Systems

Buckle Up_ BEC and VEC Attacks Target Automotive Industry

Buckle Up_ BEC and VEC Attacks Target Automotive Industry

Chinese Chipmaker Nexperia: Gigabytes of Data Stolen

Chinese Chipmaker Nexperia: Gigabytes of Data Stolen

Popular VPN Software Flaw Let Attackers Crash the Systems

Popular VPN Software Flaw Let Attackers Crash the Systems

The most important cyber news and events of the day

Be the first to know latest important news & events directly to your inbox.

By signing up, I agree to our TOS and Privacy Policy.

Popular Stories

  • Fortinet Vulnerability Exploited To Deploy RMM Tools & Backdoor

    Fortinet Vulnerability Exploited To Deploy RMM Tools & Backdoor

    0 shares
    Share 0 Tweet 0
  • Malware Trends 2024 – Top Malware Families and Types

    0 shares
    Share 0 Tweet 0
  • French Football Club Ticketing System Targeted in Cyber Attack

    0 shares
    Share 0 Tweet 0
  • Singha Durbar server continues to face cyberattacks

    0 shares
    Share 0 Tweet 0
  • Argentina – Global Investigations Review

    0 shares
    Share 0 Tweet 0
Cyber Affairs

Cyber Affairs is your one-stop news website for the latest cyber crime, cyber warfare, and all cyber related news and updates, follow us to get the news that matters to you.

LEARN MORE »

Recent News

  • Understanding the Implications & Guarding Privacy- Axios Security Group
  • Hackers Actively Using Pupy RAT to Attack Linux Systems
  • Buckle Up_ BEC and VEC Attacks Target Automotive Industry

Topics

  • AI
  • Books
  • Careers
  • Cyber Crime
  • Cyber Intelligence
  • Cyber Laws & Regulations
  • Cyber Warfare
  • Digital Diplomacy
  • Digital Influence Mercenaries
  • Electronic Warfare
  • Emerging Technologies
  • Hacktivism
  • ICS-SCADA
  • News
  • Podcast
  • Reports
  • Tech Indexes
  • Uncategorized
  • White Papers

Get Informed

The most important cyber news and events of the day

Be the first to know latest important news & events directly to your inbox.

By signing up, I agree to our TOS and Privacy Policy.

Copyright © 2022 Cyber Affairs. All rights reserved.

No Result
View All Result
  • Home
  • Cyber Crime
  • Cyber Intelligence
  • Cyber Laws & Regulations
  • Cyber Warfare
  • Digital Diplomacy
  • Digital Influence Mercenaries
  • Electronic Warfare
  • Emerging Technologies
  • Hacktivism
  • ICS-SCADA
  • Reports
  • White Papers

Copyright © 2022 Cyber Affairs. All rights reserved.

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.