The 15 new advisories released by Siemens and Schneider Electric this Patch Tuesday address a total of 43 vulnerabilities, including ones that have been assigned a “critical” severity rating.
Siemens has released 12 advisories covering 35 vulnerabilities. Based on CVSS scores, the most important advisory covers 11 flaws affecting the web server of SICAM P850 and P855 devices.
One of these bugs is critical and it allows an unauthenticated attacker to execute arbitrary code or launch a denial-of-service (DoS) attack. The five high-severity vulnerabilities covered by the advisory can lead to DoS attacks, code execution, traffic capturing and interfering with device functionality, cross-site scripting (XSS) attacks, or access to a device’s management interface.