Siemens, different distributors patch crucial ICS product vulnerabilities

[ad_1]

The US Cybersecurity & Infrastructure Safety Company (CISA) launched 15 advisories masking critical vulnerabilities in industrial management merchandise from Siemens, Mitsubishi Electrical, Delta Electronics, and Softing Industrial Automation. Among the flaws are rated with excessive and demanding severity and can lead to distant code execution.

Eleven of the 15 advisories cowl vulnerabilities in Siemens merchandise, however the quantity isn’t a surprise contemplating what number of product traces Siemens has in its portfolio and the truth that the corporate is an ICS vendor with a really energetic cybersecurity program. 4 of the Siemens advisories comprise crucial severity flaws with CVSS scores between 9 and 10, whereas one other three comprise excessive severity ones with scores between 7 and 9. The remainder cowl medium and decrease severity points.

Distant code execution flaws may permit entry to tools, delicate info

The primary distant code execution vulnerability is an improper entry management concern (CVE-2022-32257) in internet service endpoints which are a part of the SINEMA Distant Join Server, a Siemens platform that permits the administration of VPN tunnels between headquarters, service technicians and put in machines or crops. The flaw is rated 9.8 and impacts SINEMA Distant Join Server variations previous to V3.2 and V3.1.

A decrease severity cross-site scripting concern (CVE-2020-23064) has additionally been patched within the jQuery library that’s a part of the service and which may permit distant attackers to execute arbitrary code through the “choices” aspect.

A high-risk vulnerability was additionally patched within the SINEMA Distant Join Consumer element. This flaw, tracked as CVE-2024-22045, may permit attackers to entry delicate info as a result of the product positioned such info into recordsdata and directories which are accessible to unauthorized customers.

A significant software program replace was additionally launched for the SIMATIC RF160B RFID cellular reader, which is a battery-powered handheld terminal utilized in many industries. The brand new model 2.2 replace addresses greater than 150 vulnerabilities found over the previous a number of years, 11 of that are rated crucial and will end in code execution.

[ad_2]

Lascia un commento

Il tuo indirizzo email non sarà pubblicato. I campi obbligatori sono contrassegnati *

Consuleria is a leading provider of digital forensic investigations, cybersecurity, and data protection services. Our team of experts has the skills and experience to conduct investigations on both a national and international scale, including support for homeland security efforts.

Consuleria is committed to providing the highest level of security for its clients. We offer a comprehensive range of services, including security assessment and penetration testing, all of which are conducted in accordance with the highest industry standards.

 

Useful Links

Contact Us

Legal Headquarter:
Via Papa Giovanni XXIII Albenga (Sv) – ITALY
Phone: +39 393 33 58 136
Email (general): info [at] consuleria [dot] com
Email (legal): legal.office[at] consuleria [dot] com
Email (administration): amministrazione [at] consuleria [dot] com

2023 © All Rights Reserved. Privacy Policy   – P.Iva IT01871640098