
Critical Insight Vulnerability Notification: Siemens Security Advisory for 41 Vulnerabilities

The article below is forwarded as an advisory only and is not a notification of activity seen on your network. This advisory draws attention to a SecurityWeek article regarding vulnerabilities that have been patched and/or have mitigating controls for several Siemens products: https://www.securityweek.com/ics-patch-tuesday-siemens-ruggedcom-devices-affected-by-nozomi-component-flaws/

If your organization does not use Siemens products for OT (Operational Technology) environments, this advisory may be discarded.

Summary

Because Siemens products are widely used in OT environments, this advisory draws attention to several critical vulnerabilities and to the patches and mitigations that may be applied to help protect these devices from compromise by an attacker.

Additional information on the full scope of vulnerabilities that have been noted may be found at https://www.siemens.com/global/en/products/services/cert.html?d=2023-10#SiemensSecurityAdvisories

Affected Products/Versions

The information below shows only the critical vulnerabilities affecting Siemens products. Several high- and medium-severity vulnerabilities may be found at the link above.

Additional Resources

https://www.cisa.gov/news-events/alerts/2023/10/12/cisa-releases-nineteen-industrial-control-systems-advisories