Siemens and Schneider Electric’s Patch Tuesday advisories for October 2023 address more than 40 vulnerabilities affecting their products.
Siemens has published a dozen new advisories addressing 41 vulnerabilities.
One advisory describes seven vulnerabilities affecting Siemens’ Ruggedcom APE1808 industrial application hosting platform, which is made for running third-party software in harsh, mission-critical environments.
The vulnerabilities exist in a product made by industrial and IoT cybersecurity firm Nozomi Networks, specifically the firm’s Guardian product, which is designed to provide asset inventory and network visibility, and the Central Management Console (CMC), which aggregates Guardian sensor data.
Nozomi patched the vulnerabilities in its products in early August with the release of Guardian/CMC version 22.6.2. Siemens is working on patches for its Ruggedcom product and in the meantime it has provided workarounds and mitigations that can be used to prevent exploitation.
However, all of the Nozomi product vulnerabilities require authentication and some of them require elevated privileges for exploitation. Only two of them have been assigned ‘high’ severity ratings based on their CVSS score — the rest are ‘medium’ and ‘low’ — but Nozomi says even the high-severity issues actually have a ‘medium’ risk level for its customers.
Three of Siemens’ new advisories address critical vulnerabilities that have been patched by the industrial giant. One of them describes Scalance W1750D flaws that were previously found in Aruba products. The Scalance W1750D is actually a brand-labeled device from HPE-owned Aruba.
Exploitation of the security holes can lead to sensitive information disclosure, unauthenticated remote code execution, and DoS.
A ‘critical’ severity rating has also been assigned to CVE-2023-43625, a Simcenter Amesim bug that can allow an unauthenticated, remote attacker to execute arbitrary code using DLL injections.
The third ‘critical’ advisory describes CVE-2023-36380, a hardcoded ID in the SSH ‘authorized_keys’ configuration file of Sicam A8000 remote terminal units (RTUs). In certain circumstances, an attacker who knows the corresponding credentials could access the device via SSH.
High-severity vulnerabilities have been addressed in Sinema Server (code execution via XSS), Sicam PAS/PQS (local privilege escalation), Siemens Xpedition Layout Browser (code execution, DoS), Sinec NMS (code injection, XSS), Tecnomatix Plant Simulation (code execution or DoS via malicious files), and Sicam A8000 RTUs (privilege escalation).
Medium-severity vulnerabilities have been patched in the Mendix ‘forgot password’ module (user enumeration) and Simatic CP devices (code execution, DoS, unrestricted network access).
Schneider Electric has released two new advisories to inform customers about the availability of patches for three critical vulnerabilities.
Two of them impact the SpaceLogic C-Bus Toolkit and they can be exploited for remote code execution when the transfer command is used over the network, and to tamper with files on the PC running C-Bus when the file command is used.
The third critical flaw affects EcoStruxure Power Monitoring Expert (PME) and EcoStruxure Power Operation products and it can be exploited for code execution by sending a specially crafted packet to the application.