Endpoint/Device Security, Vulnerability Management

Several vulnerabilities addressed by Siemens, Schneider Electric

SecurityWeek reports that Siemens and Schneider Electric have addressed a total of 59 security flaws in their respective Patch Tuesday security advisories for this month. Nineteen security advisories issued by Siemens detail 46 security vulnerabilities, with two advisories describing critical bugs. Siemens' SIMATIC CP 1543-1 communicator processor is being impacted by three critical and high-severity flaws, which could be exploited to achieve arbitrary code execution. Threat actors could also remotely abuse a critical flaw and a high-severity bug in its SIMATIC eaSie digital assistant to facilitate arbitrary request delivery and a denial-of-service condition. Numerous vulnerabilities in SCALANCE X switches could also be leveraged in DoS or brute-force attacks. Meanwhile, Schneider Electric detailed 13 bugs, one of which is a high-severity SpaceLogic C-Bus Home Controller OS command injection flaw. Three high-severity vulnerabilities in some Schneider Electric OPC UA and X80 advanced RTU communication modules could also be leveraged in DoS attacks, according to the company.

Related

US, Australia apprehend Firebird RAT developer

The FBI and Australian Federal Police have partnered to arrest and indict an unnamed Australian who developed Firebird/Hive remote access trojan and California-based Edmond Chakhmakchyan, also known as Corruption, who allegedly marketed the RAT, according to BleepingComputer.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.