Siemens and Schneider Electric address multiple vulnerabilities
In April 2022, Siemens and Schneider Electric released security advisories addressing multiple vulnerabilities in their products.
The vendors have provided patches, mitigations, and general security recommendations for reducing the risk of attacks.
Siemens has released 11 new advisories. One of them covers three critical flaws affecting the SIMATIC Energy Manager product that could be exploited by an unauthenticated attacker to execute code with elevated privileges.
Another advisory describes eight critical and high-severity bugs affecting SCALANCE X switches. The flaws, many of which can be exploited remotely and without authentication, can be used to crash devices, obtain sensitive information, and execute arbitrary code.
Siemens has also addressed high-severity and medium-severity vulnerabilities in Simcenter Femap, SIMATIC S7-400, SCALANCE W1700, Mendix, and SICAM products. Many of these security holes can be exploited for DoS attacks.
Schneider Electric also published two new advisories. The industrial giant has patched a critical remote code execution vulnerability in the IGSS (Interactive Graphical SCADA System) product. The second advisory describes a high-severity denial-of-service (DoS) vulnerability affecting Schneider’s Modicon M340 controllers.
Source: securityweek.com
18 April 2022