Security Experts:

Connect with us

Hi, what are you looking for?



2023 ICS Patch Tuesday Debuts With 12 Security Advisories From Siemens, Schneider

The first ICS Patch Tuesday of 2023 brings a dozen security advisories from Siemens and Schneider Electric, addressing a total of 27 vulnerabilities.

The first ICS Patch Tuesday of 2023 brings a dozen security advisories from Siemens and Schneider Electric, addressing a total of 27 vulnerabilities.


Siemens has published six new advisories that describe a total of 20 vulnerabilities. Security updates are available for many of the affected products, but some will not get patches.

Based on CVSS score — note that CVSS scores can be misleading for ICS vulnerabilities — the most important advisory describes a dozen flaws in Sinec INS (Infrastructure Network Services).

The security holes, all rated ‘critical’ or ‘high severity’, could allow an attacker to read and write arbitrary files, which could ultimately lead to malicious code execution on the device. Some of the vulnerabilities impact third-party components.

Another advisory describes a critical reflected cross-site scripting (XSS) vulnerability in the Mendix SAML module. An attacker can exploit the weakness to obtain sensitive information by tricking the targeted user into clicking on a link, but exploitation is only possible on certain non-default configurations.

Siemens has informed customers about two high-severity vulnerabilities in Automation License Manager. One issue can allow an unauthenticated attacker to remotely rename and move files, while the other can be exploited for remote code execution if chained with the first vulnerability.

Remote code execution vulnerabilities have been patched in JT Open Toolkit, JT Utilities and Solid Edge. Exploitation involves getting the targeted user to open a specially crafted file.

Researchers have found a hardware issue in S7-1500 CPUs that can allow an attacker with physical access to a device to replace the boot image and execute arbitrary code.

“Siemens has released new hardware versions for several CPU types of the S7-1500 product family in which this vulnerability is fixed and is working on new hardware versions for remaining PLC types to address this vulnerability completely,” Siemens said.

Schneider Electric

Schneider Electric has also released six new advisories, but they only cover a total of seven vulnerabilities.

The company has informed customers about the availability of patches for critical and high-severity vulnerabilities in the EcoStruxure Geo SCADA Expert product, which can be exploited for DoS attacks and obtaining sensitive information.

In its EcoStruxure Power Operation and Power SCADA Operation software, the industrial giant found a high-severity issue that can be exploited for DoS attacks.

EcoStruxure Power SCADA Anywhere is affected by a high-severity flaw that can be leveraged for OS command execution, but exploitation requires authentication.

EcoStruxure Control Expert, EcoStruxure Process Expert and Modicon PLCs are impacted by a vulnerability that could allow arbitrary code execution and DoS attacks using specially crafted project files. These products are also impacted by an authentication bypass flaw.

Lastly, the EcoStruxure Machine Expert HVAC product is affected by a medium-severity information disclosure issue.

Related: ICS Patch Tuesday: Siemens Addresses Critical Vulnerabilities

Related: ICS Patch Tuesday: Siemens Fixes 80 OpenSSL, OpenSSH Flaws in Switches

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...