Industrial automation giants Siemens and Schneider Electric on Tuesday released several security advisories to inform customers about tens of vulnerabilities affecting their products. The companies have provided patches and recommendations for reducing the risk of exploitation.
The eight new advisories released by Siemens on this Patch Tuesday cover roughly two dozen vulnerabilities affecting its Simcenter Femap, SIMATIC TIM, Solid Edge, SIMATIC NET, Mendix, JT2Go, Teamcenter Visualization, and SIMATIC RF products.
The only advisory with an overall severity rating of critical describes 15 vulnerabilities affecting the SIMATIC NET CP 443-1 OPC UA, specifically its NTP (Network Time Protocol) component. The flaws were discovered in NTP between 2015 and 2017, but it’s not uncommon for industrial solutions providers to patch third-party software components years after the fixes were made available.
These NTP vulnerabilities can be exploited for DoS attacks, bypassing security mechanisms, executing arbitrary code remotely, obtaining information, and manipulating time.
Learn More About Vulnerabilities in Industrial Products at SecurityWeek’s ICS Cyber Security Conference and SecurityWeek’s Security Summits Virtual Event Series
The remaining advisories released by Siemens have an overall severity rating of high. They describe security holes that can be exploited for DoS attacks, arbitrary code execution, data extraction, privilege escalation, and bypassing security mechanisms.
Schneider Electric also described roughly two dozen vulnerabilities in the new advisories published ..
Support the originator by clicking the read the rest link below.
