Industrial giants Siemens and Schneider Electric have informed customers about tens of vulnerabilities in their products. Siemens released eight advisories that cover nearly two dozen vulnerabilities affecting Simcenter Femap, SIMATIC TIM, Solid Edge, SIMATIC NET, Mendix, JT2Go, Teamcenter Visualization and SIMATIC RF products.

15 critical vulnerabilities exist in SIMATIC NET CP 443-1 OPC UA, in particular, in its NTP (Network Time Protocol) component. Vulnerabilities can be exploited for DoS attacks, bypassing security mechanisms, executing arbitrary code remotely and obtaining information.

Schneider Electric described 13 issues in one of the advisories affecting the Interactive Graphical SCADA System (IGSS). The vulnerabilities have been rated high severity and their exploitation can result in loss of data or remote code execution. An attacker could exploit the vulnerabilities by getting the targeted user to open malicious files.

Two advisories describe a number of vulnerabilities affecting the Schneider PowerLogic product. The most dangerous of them allow an attacker to gain admin-level access to a device.

Source: securitylab.ru