Security News > 2020 > December > Siemens, Schneider Electric Address Serious Vulnerabilities in ICS Products
Siemens and Schneider Electric on Tuesday informed customers about the availability of patches and mitigations for several potentially serious vulnerabilities affecting their industrial control system products.
The new advisories describe vulnerabilities affecting the company's SICAM, SIMATIC, SIPLUS, LOGO! 8, SENTRON, SIRIUS, and XHQ products.
Siemens has also started releasing patches for its SIPLUS, SIMATIC ITC, SIMATIC WinCC and SIMATIC HMI Panel products to fix several vulnerabilities discovered last year by Kaspersky in the TightVNC open source virtual network computing system.
Siemens has also released an advisory to inform customers that some of its products are affected by one of the recently disclosed Amnesia:33 vulnerabilities affecting TCP/IP stacks.
Last month, Schneider and Claroty disclosed several encryption vulnerabilities allowing hackers to take control of some Modicon PLCs. Schneider informed customers this week that patches and mitigations are available for high- and medium-severity information disclosure, DoS, code execution, command execution, and account credential exposure issues.