March 12, 2024 at 12:03PM
Siemens and Schneider Electric have released their March 2024 Patch Tuesday security advisories. Siemens’ advisories cover 214 vulnerabilities, including critical flaws impacting Fortinet products. Impacted organizations can receive patch information from customer support or apply provided mitigations. Schneider Electric’s advisories describe vulnerabilities in Easergy T200 RTUs and EcoStruxure Power Design – Ecodial products.
Key Takeaways from Meeting Notes:
1. Siemens has published 11 new advisories covering a total of 214 vulnerabilities across their products.
2. A majority of the vulnerabilities (157) are described in a single advisory for the Simatic RF160B mobile reader, impacting third-party components.
3. Vulnerabilities in Fortinet’s FortiOS operating system and Fortigate firewalls also impact Siemens’ Ruggedcom APE1808 industrial application hosting platform.
4. Several critical vulnerabilities have been identified, including in Sinteso EN and Cerberus PRO EN fire protection systems, with the potential for remote arbitrary code execution.
5. Siemens has addressed vulnerabilities in Sentron, Sinema Remote Connect Server, Solid Edge, and other products, while patches for some impacted products are still pending.
6. Schneider Electric has released two advisories, one addressing vulnerabilities in Easergy T200 RTUs and the other describing a high-severity remote code execution flaw in the EcoStruxure Power Design – Ecodial products.
7. For Easergy T200 RTUs, customers are advised to upgrade to PowerLogic T300 products as no patches will be provided.