ICS Patch Tuesday: Siemens, Schneider Electric, CISA Issue Advisories

July 10, 2024 at 07:48AM

Major industrial control systems (ICS) providers issued security advisories, including Siemens with 17 new advisories for over 50 vulnerabilities, a critical bug in SINEMA Remote Connect Server, and a BlastRADIUS vulnerability. Schneider Electric released four advisories for six vulnerabilities, including a critical-severity issue in Wiser Home Controller WHC-5918A. Ifm Electronic GmbH and CISA also addressed critical-severity vulnerabilities in their products.

From the meeting notes, I have gathered the following key takeaways:

1. Siemens has released 17 new security advisories addressing over 50 vulnerabilities. The most severe is a critical bug in the SINEMA Remote Connect Server that could allow an authenticated attacker to escalate their privileges on the underlying operating system. Additionally, they published an advisory on CVE-2024-3596, the BlastRADIUS vulnerability.
2. Schneider Electric released four new advisories describing six vulnerabilities impacting its products, with a critical-severity vulnerability in the Wiser Home Controller WHC-5918A being the most important issue.
3. Ifm Electronic GmbH released patches for five vulnerabilities in the Smart PLC firmware, including two critical-severity issues that could allow attackers to access vulnerable devices with high privileges or inject OS commands.
4. The US cybersecurity agency CISA published seven ICS advisories describing vulnerabilities in Delta Electronics, Mitsubishi Electric, Johnson Controls, and PTC products, with high-severity vulnerabilities highlighted in Mitsubishi Electric MELIPC series MI5122-VW devices, Delta Electronics CNCSoft-G2, Johnson Controls C●CURE 9000, and PTC Creo Elements/Direct License Server.

These vulnerabilities and advisories emphasize the need for organizations to promptly apply patches and take necessary actions to mitigate the identified security risks.
