[Nulled] » Information security » The first January ICS fixes came up with a dozen security recommendations
January 16 2023

The first January ICS fixes came up with a dozen security

web3 16-01-2023, 12:47 Information security 184

The first January ICS fixes came up with a dozen security recommendations from Siemens and Schneider Electric, eliminating a total of 27 vulnerabilities.

Siemens has published six bulletins describing a total of 20 vulnerabilities. Security updates are available for many vulnerable products, but fixes will not be made for some.

The most important recommendations describe a dozen shortcomings in Sinec INS (Infrastructure Network Services).

Errors, all of which are critical or of high severity, can allow an attacker to read and write arbitrary files, which can eventually lead to RCE on the device. Some vulnerabilities affect third-party components.

Another bulletin concerns a critical XSS vulnerability in the Mendix SAML module, which an attacker can use to obtain confidential information by tricking the target user into clicking a link, but exploitation is possible only in certain configurations other than the default settings.

Siemens also informed about two high-risk vulnerabilities in Automation License Manager.

One of them can allow an unauthenticated attacker to remotely rename and move files, and the other can be used for RCE if it is associated with the first.

RCE vulnerabilities have been fixed in JT Open Toolkit, JT Utilities and Solid Edge. The operation is to force the target user to open a specially created file.

Researchers have discovered a hardware problem in the S7-1500 CPU that could allow an attacker with physical access to the device to replace the boot image and execute arbitrary code.

The manufacturer has released new hardware versions for some modifications and is working on new ones for the remaining types of PLCs to completely eliminate this vulnerability.

Schneider Electric has also released six new bulletins, but in total they cover seven vulnerabilities.

The company informed customers about the availability of patches for critical and highly critical vulnerabilities in the EcoStruxure Geo SCADA Expert product, which can be used for DoS attacks and obtaining confidential information.

In EcoStruxure Power Operation and Power SCADA Operation software, a serious DoS-related problem has been fixed.

EcoStruxure Power SCADA Anywhere is subject to a serious vulnerability that can be used to execute OS commands, but authentication is required for use.

EcoStruxure Control Expert, Process Expert and Modicon PLC have fixed vulnerabilities that make possible RCE and DOS attacks using specially created project files. These products are also affected by the authentication bypass error.

In Machine Expert HVAC, the problem of disclosure of information of moderate severity is closed.

Information

Visitors who are in the group Guests they can't download files.
Log in to the site under your login and password or if you are a new user go through the process registrations on the website.

Comments:

This publication has no comments yet. You can be the first!

Information the publication:

  • Author of the publication: web3
  • Date of publication: 16 January 2023 12:47
  • Publication category(s): Information security
  • Number of views of the publication: 184
  • Number of comments to the publication: 0

Related News

16 January 2023
Information security
Juniper Networks has

Juniper Networks has released the first security recommendations in 2023, which cover more than 230

Read more
16 January 2023
Information security
An equally impressive

An equally impressive update was released by Google as part of the January patch for Android.

Read more
16 January 2023
Information security
Microsoft's January

Microsoft's January PatchTuesday was released with fixes for a record 98 documented software vulnerabilities.

Read more
16 January 2023
Information security
At least 29 security

At least 29 security vulnerabilities have been fixed by Adobe developers in their corporate product line,

Read more
16 January 2023
Information security
Thousands of Citrix ADC

Thousands of Citrix ADC and Gateway servers remain vulnerable to two major vulnerabilities fixed recently.

Read more

Information

Users of 🆅🅸🆂🅸🆃🅾🆁 are not allowed to comment this publication.

Site Search

Site Menu


☑ Websites Scripts

Calendar

«    December 2024    »
MonTueWedThuFriSatSun
 1
2345678
9101112131415
16171819202122
23242526272829
3031 

Advertisement

Survey on the website

Evaluate the work of the site
 

Statistics

  • +8 Total articles 6750
  • +15 Comments 4227
  • +35 Users : 6048