Dozens of vulnerabilities found in Siemens and Schneider Electric products

Vulnerabilities can be used for DoS attacks, remote execution of arbitrary code, etc.

Industrial giants Siemens and Schneider Electric have informed customers of dozens of vulnerabilities in their products. Siemens has published eight notices of approximately two dozen vulnerabilities affecting Simcenter Femap, SIMATIC TIM, Solid Edge, SIMATIC NET, Mendix, JT2Go, Teamcenter Visualization and SIMATIC RF.

15 dangerous vulnerabilities are contained in SIMATIC NET CP 443-1 OPC UA, in particular, in its NTP (Network Time Protocol) component. Problems were discovered in NTP back in the period from 2015 to 2017, but vendors of industrial solutions often fix third-party software components years after the release of patches. Vulnerabilities can be exploited to carry out DoS attacks, bypass security mechanisms, remote arbitrary code execution, and data theft.

Schneider Electric reported 13 issues in one of the notices affecting the Interactive Graphical SCADA System (IGSS) dispatch and data collection system. Vulnerabilities are dangerous and their exploitation can lead to data theft or remote code execution. An attacker could exploit vulnerabilities by tricking a user into opening malicious files.

Two notices describe a number of vulnerabilities affecting the Schneider PowerLogic product. The most dangerous of them allow an attacker to gain access to the device with administrator rights.

Catch up on more stories here

Follow us on Facebook here

Leave a Reply