ICS Patch Tuesday

ICS Patch Tuesday

ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Moxa, Mitsubishi Electric

Industrial giants Siemens, Schneider Electric, Mitsubishi Electric, and Moxa have published new ICS Patch Tuesday advisories for vulnerabilities found recently in their ICS products.

Vulnerabilities Addressed by Siemens and Schneider Electric

Siemens and Schneider Electric have each published six new advisories. Each of Schneider’s new advisories addresses one vulnerability, including high-severity issues in EcoStruxure IT Data Center Expert and EcoStruxure Power Monitoring Expert and Power Operation.

Meanwhile, Siemens has addressed a critical stored XSS vulnerability in Simatic S7-1500 devices, and a potentially severe misconfiguration in Mendix applications. Additionally, Siemens has informed customers about vulnerabilities introduced by the use of Fortinet, OpenSSL, and other third-party components.

Vulnerabilities Fixed by Mitsubishi Electric and Moxa

Mitsubishi Electric has published one new advisory to describe a remotely exploitable DoS vulnerability in its Numerical Control Systems. Moxa has published four new advisories, including three describing the impact of vulnerabilities discovered in Intel products.

Furthermore, the cybersecurity agency CISA has also published ICS advisories this Patch Tuesday, informing the public about vulnerabilities in Ceragon Siklu MultiHaul and EtherHaul, Lantronix EDS3000PS and EDS5000, and Apeman cameras.

Related Advisories and Vulnerabilities

Germany’s VDE-CERT has published advisories for Codesys, Janitza, and Weidmueller product vulnerabilities. Some of the Janitza and Weidmueller flaws can be exploited by remote, unauthenticated attackers to fully compromise the targeted system.

Therefore, it is essential for companies to prioritize patching these vulnerabilities to prevent potential attacks. For example, applying the latest security updates can help protect against exploits.

Conclusion and Recommendations

In conclusion, the latest ICS Patch Tuesday advisories highlight the importance of regular security updates and patching. Companies must stay vigilant and proactive in addressing vulnerabilities to prevent cyber attacks.

Finally, we recommend that companies take the following steps to ensure the security of their ICS products:

  • Regularly review and apply security updates and patches
  • Conduct thorough risk assessments and vulnerability testing
  • Implement robust security measures, such as firewalls and intrusion detection systems

Frequently Asked Questions

Here are some frequently asked questions about ICS Patch Tuesday and vulnerability patching:

  1. What is ICS Patch Tuesday? ICS Patch Tuesday refers to the regular release of security advisories and patches for industrial control systems (ICS) products.
  2. Why is it important to patch vulnerabilities? Patching vulnerabilities is crucial to prevent cyber attacks and protect the security and integrity of ICS products.
  3. How can companies prioritize patching vulnerabilities? Companies can prioritize patching vulnerabilities by conducting regular risk assessments and vulnerability testing, and applying security updates and patches in a timely manner.
  4. What are some best practices for securing ICS products? Some best practices for securing ICS products include implementing robust security measures, such as firewalls and intrusion detection systems, and conducting regular security audits and testing.
  5. How can companies stay informed about the latest ICS Patch Tuesday advisories? Companies can stay informed about the latest ICS Patch Tuesday advisories by subscribing to security newsletters and following reputable sources, such as the Cybersecurity and Infrastructure Security Agency (CISA).