Siemens and Schneider Electric released security advisories to address more than 50 vulnerabilities affecting their products.

The vendors have provided patches, mitigations, and general security recommendations for reducing the risk of attacks.

Siemens has released 5 new advisories covering 33 vulnerabilities. The company informed customers that an update for its SINEC network management system patches 15 flaws.

For its SCALANCE W1750D devices, Siemens released patches and mitigations covering 15 vulnerabilities, including critical weaknesses that can allow a remote, unauthenticated attacker to cause a DoS condition or execute arbitrary code on the underlying operating system.

The company has also informed customers about a critical authentication vulnerability in the SIMATIC Process Historian. An attacker can exploit the flaw to insert, modify or delete data.

The two remaining advisories address high-severity denial of service (DoS) vulnerabilities in SINUMERIK controllers and RUGGEDCOM ROX devices.

Schneider Electric also published 6 new advisories covering 20 vulnerabilities. One advisory describes the impact of 11 Windows flaws on the company’s Conext products. The security holes were patched by Microsoft in 2019 and 2020.

Another advisory describes vulnerabilities affecting Schneider’s IGSS SCADA system. The company says the worst case exploitation scenario “could result in an attacker gaining access to the Windows Operating System on the machine running IGSS in production.”

The company also informed users about a high-severity information disclosure vulnerability affecting spaceLYnk, Wiser For KNX, and fellerLYnk products, and a high-severity command execution issue in the ConneXium network manager software.

Source: securityweek.com