ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Moxa, Mitsubishi Electric
"Schneider Electric has informed customers about high-severity issues in EcoStruxure IT Data Center Expert (hardcoded credentials), EcoStruxure Power Monitoring Expert and Power Operation (local arbitrary code execution), and EcoStruxure Automation Expert (command execution and full system compromise)."
"Siemens has addressed a critical stored XSS vulnerability in Simatic S7-1500 devices, and a potentially severe misconfiguration in Mendix applications. Siemens has also informed customers about vulnerabilities introduced by the use of Fortinet, OpenSSL, and other third-party components."
"Mitsubishi Electric has published one new advisory to describe a remotely exploitable DoS vulnerability in its Numerical Control Systems, including C80, M800, M800V and M700V series products."
Four major industrial control system manufacturers published Patch Tuesday advisories addressing vulnerabilities in their products. Siemens and Schneider Electric each released six advisories. Schneider Electric patched high-severity issues including hardcoded credentials in EcoStruxure IT Data Center Expert, arbitrary code execution in Power Monitoring Expert, and command execution vulnerabilities in Automation Expert. Medium-severity flaws were addressed in Modicon controllers and EcoStruxure Foxboro DCS. Siemens addressed a critical stored XSS vulnerability in Simatic S7-1500 devices and vulnerabilities from third-party components including Fortinet and OpenSSL. Mitsubishi Electric published one advisory describing a remotely exploitable denial-of-service vulnerability in Numerical Control Systems. Moxa released four advisories, three addressing Intel product vulnerabilities and one confirming Moxa products are unaffected by GNU Inetutils vulnerabilities.
Read at SecurityWeek