ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Rockwell, Aveva, Schneider

Industrial giants Siemens, Schneider Electric, Rockwell Automation, and Aveva have released Patch Tuesday advisories informing customers about vulnerabilities in their ICS/OT products.

Siemens published six new advisories. One of them covers two vulnerabilities in the Comos plant engineering software, including a critical code execution flaw, and a high-severity security bypass issue.

Vulnerabilities have also been addressed in Siemens Solid Edge (remote MitM, code execution), Altair Grid Engine (code execution), Logo! 8 BM (code execution, DoS, settings tampering), and Sicam P850 (CSRF) products.

Rockwell Automation published five new advisories on November 11, each covering high-severity vulnerabilities found in various products.

The company informed customers of its Verve Asset Manager OT security platform that the product is affected by a high-severity access control issue that allows unauthorized read-only users to tamper with other user accounts via an API.

In the Studio 5000 integrated design environment for Logix 5000 controllers, Rockwell fixed ...