The companies have released patches and mitigations to address these vulnerabilities.
Siemens has released 5 new advisories covering 33 vulnerabilities. The company informed customers that an update for its SINEC network management system patches 15 flaws, including ones that can be exploited for arbitrary code execution. While some of them have been assigned a high severity rating, exploitation requires authentication.
For its SCALANCE W1750D controller-based direct access points, Siemens released patches and mitigations covering 15 vulnerabilities, including critical weaknesses that can allow a remote, unauthenticated attacker to cause a DoS condition or execute arbitrary code on the underlying operating system. The W1750D is a brand-labeled device from Aruba, and a majority of the flaws exist in the ArubaOS operating system.