Summary
Siemens has released security updates to fix multiple vulnerabilities in its products, including SCADA products. One of these vulnerabilities, rated “critical”, affects TeleControl, a remote control system designed to monitor and control industrial plants.
Risk
Estimate of the vulnerability’s impact on the reference community: HIGH/ORANGE (74.67/100)¹.
Type
- Arbitrary Code Execution
Affected products and/or versions
Siemens
- TeleControl Server Basic, version 3.1
Mitigation actions
It is recommended to implement the mitigation measures for each affected product by following the vendor's instructions, as reported in the security bulletin listed in the References section.
For the remaining products, it is recommended to monitor the release of further updates.
Unique Vulnerability Identifiers
The following are only the CVEs related to the “critical” vulnerabilities:
References
https://www.siemens.com/global/en/products/services/cert.html#SiemensSecurityAdvisories
¹ This estimate takes into account several parameters, including CVSS, availability of patches/workarounds and PoC, and diffusion of the affected software/devices in the reference community.