CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems

2023-01-18 05:56

The U.S. Cybersecurity and Infrastructure Security Agency has published four Industrial Control Systems advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec.

The most critical of the issues have been identified in Siemens SINEC INS that could lead to remote code execution via a path traversal flaw and command injection.

Separately, a critical flaw has also been revealed in GE Digital's Proficy Historian solution that could result in code execution regardless of authentication status.

"An attacker can take advantage of this fact and bypass the historian authentication by impersonating a local service," Uri Katz, security researcher at industrial security firm Claroty, said.

CISA also updated an ICS advisory that was published last month, detailing a critical command injection vulnerability in Contec CONPROSYS HMI System that could permit a remote attacker to send specially crafted requests to execute arbitrary commands.

The advisories come less than a week after CISA released 12 such alerts warning of critical flaws impacting software from Sewio, InHand Networks, Sauter Controls, and Siemens.

News URL

https://thehackernews.com/2023/01/cisa-warns-of-flaws-in-siemens-ge.html

#cisa #digital #GE #siemens

Related vendor

VENDOR	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Siemens	2361	113	835	603	151	1702
GE	164	5	45	37	34	121
Contec	8	1	16	15	7	39