Advisory

Siemens Fixes Vulnerabilities in Ruggedcom as well as Other Products

Take action: This month the list of Siemens products to patch is huge. We understand that you don't like patching ICS systems, but do read the advisories. If at all possible, plan to patch. Otherwise, use the opportunity to test your ICS systems' isolation from the world, and push to persuade management to allow patching.


Learn More

Siemens issued a dozen advisories and patches covering over 30 vulnerabilities. Siemens focused on its Ruggedcom products, releasing three advisories detailing critical vulnerabilities that were patched.

The Ruggedcom Crossbow server application patch addresses five vulnerabilities. Among these vulnerabilities, four were rated 'critical' and 'high severity'. These weaknesses could potentially be exploited to trigger a Denial of Service (DoS) condition, elevate privileges, execute arbitrary SQL queries on the database, and even write arbitrary files to the targeted system.

The patch for Ruggedcom ROS devices addresses a significant mirror port isolation vulnerability. This vulnerability centers on insufficient blocking of data forwarded over the mirror port into the mirrored network. As a result, an attacker might exploit this behavior to transmit malicious packets to systems in the mirrored network, potentially influencing their configuration and runtime behavior.

Furthermore, ROS devices are susceptible to a high-severity DoS vulnerability, a concern that Siemens addressed through a separate advisory.

Siemens is also warning of a series of high-severity vulnerabilities that can be exploited through specially crafted files. This group of vulnerabilities impacts a range of products including:

  • Sicam Toolbox II,
  • Parasolid,
  • Teamcenter Visualization,
  • JT2Go,
  • JT Open,
  • JT Utilities,
  • Solid Edge,
  • Siemens Software Center (SSC).

Adding to their roster of advisories, Siemens tackled the impact of two OpenSSL vulnerabilities—falling under the categories of medium and high severity—on their Simatic products.
