ICS Patch Tuesday: Siemens, Schneider Electric Address Over 40 Vulnerabilities

Siemens has released 21 new advisories and updated 25 previously published advisories. The new advisories cover 36 vulnerabilities, including five that have been assigned a critical severity rating.

One of the critical flaws, with a CVSS score of 10, impacts the Desigo CC building management platform and the Cerberus danger management station (DMS). The flaw, a deserialization issue, can allow an unauthenticated attacker to execute arbitrary code on the affected system. Siemens pointed out that the risk of exploitation is higher for systems connected directly to the internet.