Siemens Releases Several Advisories for Vulnerabilities In Third-Party Components Used In Connected Devices


Siemens reports two dozen vulnerabilities affecting its products in several security advisories published on Tuesday. Half of the new vulnerabilities are related to third-party components. 

The company issued advisories to inform customers about the importance of immediately updating their devices once Siemens rolls out patches and updates. 

The bulk of these advisories focus on the two AMNESIA:33 vulnerabilities, denial-of-service (DoS) flaws in SENTRON 3VA and PAC Meter products, which are part of a set of vulnerabilities recently discovered in open-source TCP/IP stacks.

Two other advisories describe the impact of NUMBER:JACK, a set of vulnerabilities in TCP/IP stacks. These vulnerabilities can allow session hijacking on the SIMATIC MV400 optical readers and PLUSCONTROL products used by Siemens clients in the energy industry.

In addition, Siemens’ SIMATIC NET CM 1542-1 and SCALANCE SC600 devices can also be affected by a DoS vulnerability that exists in a multiprotocol file transfer library called libcurl.

Five more vulnerabilities affecting Luxion’s 3D rendering and animation software KeyShot are the subject of another advisory. An attacker can exploit these security holes to achieve arbitrary code execution.

Another advisory from the company warns of file parsing vulnerabilities in product development solutions and echoes the advisories Siemens released in January and February.

According to another advisory, the Mendix Forgot Password Appstore module is susceptible to an account takeover. 

In the remaining advisories, Siemens addresses a high-severity DoS vulnerability in RUGGEDCOM and SCALANCE devices, high-severity unauthorized access bugs in SINEMA Remote Connect Server, DoS flaws in SIMATIC S7-PLCSIM, and a DoS vulnerability in LOGO! 8 BM.

For some of these vulnerabilities, Siemens has already released updates. For others, it plans to do so in the near future. In some other cases, the company has advised customers to apply workarounds to protect their systems or devices and mitigate the risk of potential attacks.

About the author

CIM Team
