Siemens, other vendors patch critical ICS product vulnerabilities


The US Cybersecurity & Infrastructure Security Agency (CISA) released 15 advisories covering critical vulnerabilities in industrial control products from Siemens, Mitsubishi Electric, Delta Electronics, and Softing Industrial Automation. Some of the flaws are rated with high and critical severity and can lead to remote code execution.

Eleven of the 15 advisories cover vulnerabilities in Siemens products, but the number isn't a surprise considering how many product lines Siemens has in its portfolio and the fact that the company is an ICS vendor with a very active cybersecurity program. Four of the Siemens advisories contain critical severity flaws with CVSS scores between 9 and 10, while another three contain high severity ones with scores between 7 and 9. The rest cover medium and lower severity issues.

Remote code execution flaws could allow access to equipment, sensitive information

The first remote code execution vulnerability is an improper access control issue (CVE-2022-32257) in web service endpoints that are part of the SINEMA Remote Connect Server, a Siemens platform that allows the management of VPN tunnels between headquarters, service technicians and installed machines or plants. The flaw is rated 9.8 and impacts SINEMA Remote Connect Server versions prior to V3.2 and V3.1.

A lower severity cross-site scripting issue (CVE-2020-23064) has also been patched in the jQuery library that's part of the service and which could allow remote attackers to execute arbitrary code via the "options" element.

A high-risk vulnerability was also patched in the SINEMA Remote Connect Client component. This flaw, tracked as CVE-2024-22045, could allow attackers to access sensitive information because the product placed such information into files and directories that are accessible to unauthorized users.

A major software update was also released for the SIMATIC RF160B RFID mobile reader, which is a battery-powered handheld terminal used in many industries. The new version 2.2 update addresses more than 150 vulnerabilities discovered over the past several years, 11 of which are rated critical and could result in code execution.

