Endpoint/Device Security, Vulnerability Management

Several Siemens, Schneider Electric vulnerabilities addressed

Siemens and Schneider Electric have together fixed fifty security vulnerabilities in their respective industrial products as part of this month's Patch Tuesday, SecurityWeek reports. The patches come after both companies confirmed having been targeted in the widespread Cl0p ransomware attack exploiting a zero-day flaw in the MOVEit Transfer file transfer app. Siemens addressed more than 40 security bugs, including critical and high-severity vulnerabilities in its Simatic CN 4100 communication system, which could be leveraged to achieve device takeovers and network isolation bypass, respectively. Siemens also fixed 21 vulnerabilities in its Ruggedcom ROX offerings, most of which were either critical or high severity, as well as more than 12 flaws in Simatic MV500 optical readers that could be exploited to cause denial-of-service and data exposure. Meanwhile, Schneider Electric has resolved more than 12 vulnerabilities impacting the Codesys runtime system V3 communication server of its PacDrive and Modicon controllers and Harmony HMIs. Schneider Electric also addressed six other product-specific bugs.
