"Siemens has published eight new advisories. The company has released patches and mitigations for high-severity issues in Desigo CC, Sentron Powermanager, Simcenter Femap and Nastran, NX, Sinec NMS, Solid Edge, and Polarion products. A medium-severity flaw has been found in Siveillance Video Management Servers. Exploitation of the vulnerabilities can lead to unauthorized access, XSS, DoS, code execution, and privilege escalation."
"Schneider Electric published two new advisories. One describes two high-severity flaws that can lead to DoS, information disclosure, or code execution in EcoStruxure Building Operation Workstation and WebStation. The second advisory describes a critical issue that can result in DoS or code execution on SCADAPack RTUs. Aveva has informed customers about a high-severity DoS vulnerability in PI Data Archive and a medium-severity unauthorized access issue in PI to Connect Agent."
"Phoenix Contact has released an advisory to address a 2024 OpenSSL vulnerability. The advisory was also picked up by Germany's VDE CERT, which also published an advisory for Wago managed switch flaws. CISA published five new advisories on Patch Tuesday. They describe vulnerabilities in Yokogawa Fast/Tools, Zlan ZLAN5143D, and the Zoll ePCR mobile application, as well as the Aveva issues disclosed on Tuesday"
Siemens released eight advisories with patches and mitigations for high-severity flaws in Desigo CC, Sentron Powermanager, Simcenter Femap and Nastran, NX, Sinec NMS, Solid Edge, and Polarion, and reported a medium-severity flaw in Siveillance Video Management Servers. Siemens also warned that the Siport desktop client lacks anti-tamper protections and modern exploit mitigations, making it susceptible to unauthorized modification. Schneider Electric published advisories for high-severity flaws in EcoStruxure Building Operation Workstation and WebStation and a critical issue affecting SCADAPack RTUs. Aveva reported a high-severity DoS in PI Data Archive and a medium unauthorized-access issue in PI to Connect Agent. Phoenix Contact and VDE CERT addressed OpenSSL and managed switch flaws, and CISA published five advisories covering multiple ICS products.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]