Siemens, Schneider Electric, and Rockwell Automation released advisories for vulnerabilities in their industrial control system (ICS) products. Significant vulnerabilities, including critical flaws with CVSS scores up to 10, were addressed, mitigating risks of remote exploitation and operational disruption.
Siemens issued nine new advisories for its ICS products, highlighting six critical vulnerabilities. Among these, a critical token invalidation vulnerability in Opencenter X was assigned a CVSS score of 10, enabling attackers to bypass authentication and gain full access.
Other affected products included Mendix, Sidis Secured SmartPlug, Simatic S7-1500, Cadra, and Desigo CC, with exploits potentially leading to DoS attacks, code execution, and privilege escalation.
Schneider Electric released two advisories addressing significant vulnerabilities. One advisory focused on the IGSS product, where attackers could exploit crafted files to execute arbitrary code.
Additionally, an authentication bypass flaw in the EcoStruxure Cybersecurity Admin Expert was noted, allowing local attackers to compromise managed devices.
Rockwell Automation published 12 advisories, including two critical vulnerabilities impacting the 1715 Redundant IO product. An unauthenticated attacker could leverage CLI commands to manipulate files and tasks within the system.
Moreover, several critical DoS vulnerabilities affecting the CompactLogix and ControlLogix controllers were patched, which could cause significant operational disruptions.
While ABB and Mitsubishi Electric did not release new advisories this month, they have recognized critical and high-severity issues previously. Additionally, three ABB advisories and one Rockwell advisory were shared by CISA, emphasizing ongoing vulnerabilities in ICS systems.
β¨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β check the original sources. How BrevFeed works β
Siemens, Schneider Electric, and Rockwell Automation released advisories for vulnerabilities in their industrial control system (ICS) products. Significant vulnerabilities, including critical flaws with CVSS scores up to 10, were addressed, mitigating risks of remote exploitation and operational disruption.