Siemens released patches for over 270 vulnerabilities
Take action: A major patch release that requires team research. Have your team check the patches and plan patches. As always first make sure your siemens infrastructure is isolated from the internet
Learn More
For February 2024, Siemens released a series of security advisories as part of their ICS Patch Tuesday initiative. Siemens released 15 new advisories, which collectively addressed 270 unique vulnerabilities across a range of products.
A large portion of these vulnerabilities were identified in Scalance XCM-/XRM-300 switches, with many flaws attributed to third-party components discovered in the years 2022 and 2023. These vulnerabilities were predominantly rated as 'critical' or 'high' severity.
In addition to the Scalance switches, Siemens also resolved significant vulnerabilities in the Sinec industrial network management solution, where more than 60 issues were patched. Other critical updates were applied to Scalance W1750D access points, Sidis Prime, Location Intelligence, and Scalance SC-600 products. High-severity vulnerabilities in products like Simatic CP 343-1, Parasolid, Polarion ALM, Simatic RTLS, Simcenter Femap, Unicam FX, and Tecnomatix Plant Simulation were also addressed.
Siemens has made updates available for most of the affected products, although it's mentioned that some products would not receive fixes.
