Siemens and Schneider Electric have released their Patch Tuesday advisories for November 2022. Schneider has only published one new security advisory, whereas Siemens has published nine new security advisories covering a total of 30 vulnerabilities.
Three of Siemens’ nine advisories cover vulnerabilities that have been given a “critical” rating. Devices using the Sicam Q100 power meter have been found to have four vulnerabilities—one of high severity and three of critical severity. They can enable an attacker to take control of user sessions, bring down the system, or run arbitrary code. More than a dozen vulnerabilities, many of which are rated “critical,” exist in Scalance W1750D devices. If exploited, these vulnerabilities could allow an attacker to run arbitrary code or create a denial-of-service (DoS) situation.
The business emphasized that the access point was a brand-labeled Aruba Networks device and that the company had announced the availability of patches in late September.