ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Rockwell, Schneider

Industrial giants Siemens, Rockwell Automation, Schneider Electric, and Phoenix Contact have published Patch Tuesday advisories informing customers about vulnerabilities found in their ICS/OT products.

Siemens has published 14 new advisories. An overall severity rating of ‘critical’ has been assigned to three advisories covering dozens of third-party component vulnerabilities affecting Comos, Sicam T, and Ruggedcom ROX products.

A ‘high severity’ rating has been assigned to vulnerabilities found in Siemens Advanced Licensing (SALT) Toolkit, IAM Client (multiple products), Simatic CN 4100, Ruggedcom ROX, Interniche IP-Stack (multiple products), and Sinec Security Monitor.

Medium-severity issues have been addressed in Energy Services, Building X-Security Manager Edge Controller, Gridscale X Prepay, Ruggedcom ROS, and Sinema Remote Connect Server products.

The vulnerabilities can be exploited for arbitrary code execution, denial of service (DoS), unauthorized access, man-in-the-middle (MitM) attacks, and obtaining sensitive information.

Schneider Electric has published two new advisories. One of them describes the impact of ...