Siemens and Schneider Electric address over 50 flaws
Siemens and Schneider Electric released 18 security advisories addressing a total of more than 50 vulnerabilities affecting their products.
The vendors have provided patches, mitigations, and general security recommendations for reducing the risk of attacks.
Siemens has released 10 new advisories covering a total of 32 vulnerabilities.
One of the most important advisories covers the impact of the DNS-related vulnerabilities dubbed “NAME:WRECK” on the company’s SGT industrial gas turbines. Another advisory from Siemens describes a couple of high-severity vulnerabilities in the ProFTPD component of its SIMATIC CP 1543-1 and CP 1545-1 devices. The security holes can allow an attacker to remotely obtain sensitive information or execute arbitrary code.
A high severity rating has also been assigned to a missing authentication issue affecting SIMATIC S7-1200 PLCs. An attacker can exploit the flaw to bypass authentication and download arbitrary programs.
An advisory describing vulnerabilities in JT2Go and Teamcenter Visualization covers seven flaws that can be exploited for DoS attacks, information disclosure or remote code execution.
In its Solid Edge product, Siemens patched two high-severity code execution vulnerabilities. The last high-severity bug addressed by the company is an OS command injection issue affecting the SINEC NMS (network management system).
Schneider Electric also published eight new advisories covering a total of 25 vulnerabilities.
The industrial giant has published two advisories describing the impact of Windows vulnerabilities. Another advisory describes three high-severity issues introduced by the use of CODESYS industrial automation software. The flaws impact industrial control systems (ICS) from Schneider and several other major vendors.
Source: securityweek.com
17 August 2021