ICS Patch Tuesday: Siemens Addresses Palo Alto Networks Product Vulnerabilities

April 9, 2024 at 09:42AM

Siemens and Schneider Electric have released April 2024 Patch Tuesday advisories. Siemens published eight advisories covering 80 vulnerabilities in ICS products. Notably, patches for three critical code execution flaws in Scalance W1750D access points were announced. Meanwhile, Schneider Electric disclosed a high-severity privilege escalation vulnerability in its Easergy Studio product.

From the meeting notes, it is clear that Siemens and Schneider Electric have both published their Patch Tuesday advisories for April 2024, detailing vulnerabilities found in their respective ICS products over the past month.

Siemens has issued eight new advisories, covering approximately 80 vulnerabilities. Some highlights include critical arbitrary code execution vulnerabilities in Scalance W1750D access points and vulnerabilities introduced by the use of Palo Alto Networks virtual next-generation firewalls, impacting Siemens’ Ruggedcom APE1808. Mitigations are currently available for some vulnerabilities.

It’s important to note that Siemens typically addresses a higher number of vulnerabilities each month than other vendors do, which reflects the company’s commitment to securing its products rather than indicating that its products are more vulnerable.

On the other hand, Schneider Electric has released one new advisory, addressing a high-severity privilege escalation vulnerability in its Easergy Studio product.

The meeting notes also mention that Siemens had previously informed customers about vulnerabilities in products from vendors such as Fortinet and Nozomi Networks. Additionally, there are ongoing patch releases for vulnerabilities in products like Simatic S7-100, Sinec NMS, Parasolid, and Simatic WinCC, with only mitigations currently available for some of them.

Lastly, there are related topics highlighted in the meeting notes, including the UK Government’s release of Cloud SCADA security guidance and a survey showing that 1 in 4 organizations had to shut down OT operations due to cyberattacks.
