Connect with us

Hi, what are you looking for?



ICS Patch Tuesday: Siemens, Schneider Electric Address Dozens of Vulnerabilities

Siemens and Schneider Electric’s Patch Tuesday advisories for April 2023 address a total of 38 vulnerabilities found in their products.

Siemens and Schneider Electric’s Patch Tuesday advisories for April 2023 address a total of 38 vulnerabilities found in their products. 

The total number of vulnerabilities is significantly smaller than in February and March, when the industrial giants addressed roughly 100 security issues. 


Siemens has published 14 new advisories that cover a total of 26 vulnerabilities. Some issues have been patched, but for others only workarounds and mitigations are available, and the company does not plan on releasing fixes for some of the impacted products. 

The most serious appears to be CVE-2023-28489, a critical vulnerability affecting Sicam A8000 series remote terminal units (RTUs), which are designed for telecontrol and automation in the energy supply sector.

The vulnerability can allow an unauthenticated attacker to execute arbitrary commands on the targeted device, but attacks are only possible if the device is configured to allow remote operation, which is disabled by default. Siemens has released patches for this security hole.

Siemens has also informed customers about three high-severity DoS vulnerabilities affecting the web server present in multiple Simatic industrial products. 

Advertisement. Scroll to continue reading.

Siprotec 5 devices are affected by a DoS vulnerability that can be exploited by an unauthenticated attacker by sending malicious requests to the targeted system.

Several high-severity flaws disclosed by Siemens are related to the parsing of specially crafted files, which can often lead to arbitrary code execution. An attacker can exploit these vulnerabilities by getting a user to open a malicious file.

Impacted products include JT Open Toolkit, JT Utilities, Teamcenter Visualization, JT2Go, and TIA Portal.

[ Read: Counting ICS Vulnerabilities: Examining Variations in Numbers Reported by Security Firms ] 

Siemens has also informed customers about issues affecting third-party components, including critical and/or high-severity bugs in the Wind River VxWorks real-time operating system, the Linux kernel, OPC Foundation Local Discovery Server (LDS), Luxion’s KeyShot, and various libraries. 

Vulnerable versions of these third-party components are used in products such as Scalance XCM332 switches, Solid Edge, and Simatic products.

Exploitation of these flaws can lead to arbitrary code execution, DoS attacks, privilege escalation, and information disclosure. 

Medium-severity vulnerabilities related to weak encryption and other information-exposure issues have been addressed by Siemens in Scalance X-200IRT, Simatic industrial PCs, Mendix, and the Polarion application lifecycle management (ALM) products.  

Learn More at SecurityWeek’s ICS Cyber Security Conference
The leading global conference series for Operations, Control Systems and OT/IT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.
ICS Cybersecurity Conference
October 23-26, 2023 | Atlanta

Schneider Electric 

Schneider Electric has released six new advisories covering a dozen vulnerabilities. The company has made available patches for most of the flaws and has shared mitigations for the issues it has yet to fix with updates.

The most important advisory, based on CVSS scores, covers two critical and one-high severity vulnerabilities affecting APC and Schneider-branded Easy UPS online monitoring software. Exploitation can lead to remote code execution or a DoS condition. 

Customers have also been informed about a high-severity code execution issue in InsightHome and InsightFacility smart edge devices for solar and storage systems. However, exploitation requires authentication. 

Remote code execution and DoS flaws have been found in the EcoStruxure Control Expert software for Modicon PLCs and PACs. In addition, DoS bugs have been found in some of the Modicon PLCs and PACs themselves. 

Schneider has also informed customers about third-party component vulnerabilities, specifically three high-severity issues affecting its controllers due to the use of Codesys components.

A medium-severity issue that can allow a local attacker to execute code during the installation process has been patched in the Easergy Builder installer for T300, Saitel DR and Saitel DP products.

Related: 2023 ICS Patch Tuesday Debuts With 12 Security Advisories From Siemens, Schneider

Related: Siemens Drives Rise in ICS Vulnerabilities Discovered in 2022: Report

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.