Siemens has recently published 14 new advisories that address over 120 vulnerabilities across its products. These advisories provide patches and mitigations to help secure affected systems. Many of the flaws involve third-party components, some of which have been known since at least the previous year.
One significant vulnerability highlighted is a critical authentication bypass flaw in the PowerSys service program used for PowerLink 50/100 and SWT 3000 devices. This issue allows local attackers to gain administrative privileges on managed remote devices, posing a serious security risk.
Additionally, Siemens has resolved high-severity code execution vulnerabilities in several applications, including Tecnomatix Plant Simulation, Teamcenter Visualization, JT2Go, and SICAM AK3/TM/BC devices. These vulnerabilities could allow attackers to execute arbitrary code, potentially compromising system integrity and operations.
The advisories also cover high-severity issues in Simatic S7-200 devices and the Sinec Traffic Analyzer. Siemens has made patches and mitigations available for these vulnerabilities and emphasizes the importance of applying the updates to protect against potential exploits.