Recherche : [ICS] - Cyberveille

ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, CISA https://www.securityweek.com/ics-patch-tuesday-vulnerabilities-addressed-by-siemens-schneider-aveva-cisa/

15/06/2025 15:46:49

Industrial solutions providers Siemens, Schneider Electric and Aveva have released June 2025 Patch Tuesday ICS security advisories.

While most of the vulnerabilities described in the advisories have been patched, only mitigations and workarounds are currently available for some of the flaws.

Siemens published six new advisories this Patch Tuesday. The most important describes CVE-2025-40585, a critical default credentials issue impacting Siemens Energy Services solutions that use the Elspec G5 Digital Fault Recorder (G5DFR).

According to Siemens, this component has default credentials with admin privileges and “a client configuration with remote access could allow an attacker to gain remote control of the G5DFR component and tamper outputs from the device”. Users can mitigate this issue by changing the default credentials from the G5DFR interface.

Critical issues are also described in an advisory for Simatic S7-1500 CPUs. Siemens is working on updates for the product to address dozens of vulnerabilities affecting the GNU/Linux subsystem.

Two advisories cover medium-severity issues in industrial communication devices that use the Sinec OS. The flaws allow an attacker to “perform actions that exceed the permissions of the ‘guest’ role”.

The industrial giant has also informed customers about a Tecnomatix Plant Simulation vulnerability that can lead to arbitrary code execution by tricking a user to open malicious files. The issue was reported by researcher Michael Heinzl, who is often credited by vendors for reporting vulnerabilities whose exploitation involves opening specially crafted files.

Siemens also informed customers about an XSS vulnerability in the Palo Alto Networks virtual firewall present in some Ruggedcom devices. Patches are being prepared by Siemens.

Schneider Electric has published three new advisories this Patch Tuesday. One of them describes XSS and DoS vulnerabilities affecting some Modicon controllers.

Four vulnerabilities have been patched in the EVLink WallBox electric vehicle charging station, including ones that can be exploited for reading or writing arbitrary files, launching XSS attacks, and taking remote control over the charging station.

Schneider has also informed customers about vulnerabilities in the third-party real-time operating system powering Insight Home and Insight Facility products. The products have reached end of life and cannot be updated, but users can implement mitigations to reduce the risk of exploitation.

Aveva has published three new advisories. One of them describes two high-severity DoS vulnerabilities in the PI Data Archive product. The other two advisories cover medium-severity XSS flaws in PI Connector for CygNet and PI Web API.

CISA also published three new advisories on Tuesday. One of them describes high-severity SinoTrack GPS receiver vulnerabilities that can allow an attacker to track vehicles and disconnect power to the fuel pump.

The other advisories describe the impact of a 2022 OpenSSL vulnerability on Hitachi Energy Relion products, and a remote code execution flaw discovered by Heinzl in MicroDicom DICOM Viewer.

ABB published advisories a few days before Patch Tuesday. The company informed customers about a critical EIBPORT vulnerability that leads to information disclosure, as well as flaws in third-party components used by its Welcome IP-Gateway product.

Also on Tuesday, Kaspersky published its ICS threat landscape report for Q1 2025, which shows that the security firm’s products blocked threats on nearly 22% of protected ICS devices.

The report looks at threat sources, regional trends, and the prevalence of various types of malware.

Intelligence Brief: Impact of FrostyGoop Modbus Malware on Connected OT Systems https://www.dragos.com/resources/solution-brief/intelligence-brief-impact-of-frostygoop-modbus-malware-on-connected-ot-systems/?ref=news.risky.biz

25/07/2024 15:18:16

In April 2024, FrostyGoop, an ICS malware, was discovered in a publicly available malware scanning repository. FrostyGoop can target devices communicating over Modbus TCP to manipulate control, modify parameters, and send unauthorized command messages. Modbus is a commonly used protocol across all industrial sectors. The Cyber Security Situation Center (CSSC), a part of the Security

Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology https://www.mandiant.com/resources/blog/sandworm-disrupts-power-ukraine-operational-technology

09/11/2023 18:36:15

This ICS/OT attack represents the latest evolution in Russia's cyber physical attack capability.

COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises | Mandiant https://www.mandiant.com/resources/blog/cosmicenergy-ot-malware-russian-response

25/05/2023 20:17:56

Mandiant identified novel operational technology (OT) / industrial control system (ICS)-oriented malware, which we track as COSMICENERGY, uploaded to a public malware scanning utility in December 2021 by a submitter in Russia. The malware is designed to cause electric power disruption by interacting with IEC 60870-5-104 (IEC-104) devices, such as remote terminal units (RTUs), that are commonly leveraged in electric transmission and distribution operations in Europe, the Middle East, and Asia.