Wednesday, 09 July 2025

Siemens and Schneider Electric address 100 vulnerabilities affecting their products

Siemens and Schneider Electric released advisories covering roughly 100 vulnerabilities affecting their products.

The 18 new advisories prepared by Siemens for the July 2021 Patch Tuesday cover nearly 80 vulnerabilities impacting the company’s products.

An advisory for JT2Go and Teamcenter Visualization covers the highest number of vulnerabilities in a single advisory — more than 40 issues related to parsing files. If an attacker can convince the targeted user to open a specially crafted file, they can crash the application or achieve arbitrary code execution on the host system.

Another advisory that covers a relatively high number of vulnerabilities is related to the impact of the 12 FragAttacks flaws on Siemens’ SCALANCE wireless communications devices.

The company has released patches and workarounds for high-severity vulnerabilities in RUGGEDCOM ROS, SINAMICS PERFECT HARMONY GH180, SINUMERIK, SIMATIC, Solid Edge and SINUMERIK Integrate products, as well as in devices using Profinet DCP.

Schneider Electric has released six advisories covering 25 vulnerabilities in EcoStruxure, SCADAPack, Modicon, Easergy, C-Bus Toolkit, and EVlink products.

One of the vulnerabilities affecting Modicon PLCs was discovered by enterprise IoT security firm Armis, which has detailed the flaw and warned that it can be exploited to take complete control of controllers.

Source: securityweek.com

16 July 2021
