What are the critical vulnerabilities addressed in Siemens' latest security advisories?

Siemens' latest security advisories address critical vulnerabilities in several Industrial Control Systems (ICS) products. This includes Scalance W1750D access points, which could potentially allow arbitrary code execution; RUGGEDCOM APE1808 devices, with patches for Fortigate NGFW and Palo Alto Networks' virtual next-generation firewalls; and vulnerabilities in the BIOS of SIMATIC S7-1500 TM MFP before V1.3.0.

What should Siemens users do in response to these security advisories?

Siemens users should review the full list of advisories to plan their patching systems and implement necessary patches or mitigations to protect their systems against these vulnerabilities.

Advisory

Siemens addresses critical vulnerabilities in multiple products

Q: What other Siemens products have vulnerabilities mentioned in the advisories?

Besides the critical vulnerabilities, Siemens' advisories also cover vulnerabilities in products such as the Telecontrol Server Basic, Simatic S7-100, Sinec NMS, Parasolid, and Simatic WinCC. Patches have been released for some issues, while mitigations are available for others.

published: April 9, 2024

Take action: If you are using Siemens ICS/IOT products, it's time to review the full advisory page for issues. Prioritize Scalance W1750D, RUGGEDCOM APE1808 and SIMATIC S7-1500 for patching for this month.

Learn More

Siemens' latest security advisories cover approximately 80 vulnerabilities across various their Industrial Control Systems (ICS) products.

Critical vulnerabilities are addressed in:

Scalance W1750D access points, devices originally from Aruba, which could potentially allow arbitrary code execution.
RUGGEDCOM APE1808 devices, which includes patch of Fortigate NGFW that are part of the APE1808 product.
RUGGEDCOM APE1808 devices which includes patch for Palo Alto Networks' virtual next-generation firewalls, par
Vulnerabilities in the BIOS of SIMATIC S7-1500 TM MFP before V1.3.0

Siemens also addressed vulnerabilities in other products, including the Telecontrol Server Basic, Simatic S7-100, Sinec NMS, Parasolid, and Simatic WinCC, with patches released for some issues and mitigations available for others.

Siemens users should review the full list of advisories to plan their patching systems

Siemens addresses critical vulnerabilities in multiple products

Read More
Multiple vulnerabilities reportd in Optigo Networks Visual BACnet …
Critical authentication vulnerabilities reported in Radiometrics VizAir aviation …
CISA reports vulnerabilities in multiple Honeywell products, some …
CISA reports critical flaw in Hitachi Energy Relion …
Critical vulnerabilities reported in Tigo Energy Cloud connect …