Non Microsoft Patch Tuesday Releases October 2022

Siemens

Siemens has released 15 advisories that covers 36 vulnerabilities. The important one from the bunch is  CVE-2022-38465, related to a global cryptographic key not being properly protected.

A threat actor could launch an offline attack against a single Siemens PLC and obtain a private key that can then be used to compromise that entire product line. Even the attacker can then obtain sensitive configuration data or launch MitM attacks that enable them to read or modify data between the PLC and its connected HMIs and engineering workstations.

Siemens has also informed customers about a critical authentication-related vulnerability affecting Desigo CC and Cerberus DMS, for which the patches are not available, but has recommended some mitigations.

A ‘critical’ severity rating has also been assigned to a vulnerability in Sicam P850 and P855 devices. It allows an authenticated attacker to execute arbitrary code or cause a DoS condition.

Remaining vulnerabilities are high-severity flaws. This includes webserver vulnerabilities in Desigo PXM devices, privilege escalation and DoS issues in Scalance and Ruggedcom products, DoS flaws in products based on the Nucleus RTOS, a DoS vulnerability in Simatic HMI panels, a spoofing vulnerability in Industrial Edge Management, an XSS flaw in Scalance switches, and file parsing vulnerabilities in Solid Edge, JTTK and Simcenter Femap.

Schneider Electric

Schneider Electric has released patches for 12 vulnerabilities. Six high-severity flaws that could lead to arbitrary code execution have been identified in EcoStruxure Operator Terminal Expert and Pro-face BLUE products. However, exploitation of these vulnerabilities requires local user privileges and involves loading malicious files.

Schneider’s EcoStruxure Power Operation and Power SCADA Operation software is affected by a vulnerability that could allow an attacker to view data, change settings or cause disruption by getting a user to click on a specially crafted link.

EcoStruxure Panel Server Box is affected by high- and medium-severity issues that can be exploited for arbitrary writes this could lead to code execution and DoS attacks.

Lastly, the third party ISaGRAF Workbench software used by SAGE RTU products is affected by three medium-severity bugs that could result in arbitrary code execution or privilege escalation. User interaction is required for exploitation.

Adobe

Adobe warned the vulnerabilities could expose both Windows and macOS users to arbitrary code execution, arbitrary file system write, security feature bypass and privilege escalation attacks.

The most critical security defects in ColdFusion versions 2021 and 2018. A total of 13 ColdFusion flaws were fixed, including some carrying a CVSS 9.8/10 severity rating.

A high-priority patch for the Adobe Commerce and Magento Open Source software with a warning that a critical-level bug could expose users to arbitrary code execution attacks.

The Adobe Commerce and Magento Open Source flaw CVE-2022-35698, a cross-site scripting bug with a CVSS score of 10.

The company also addressed nine documented bugs in the Adobe Dimension product and warned that both Windows and macOS users are at risk of code execution and memory leak attacks. The Adobe Dimension bulletin carries the maximum critical-level severity rating.

Adobe also released patches to cover a half-dozen flaws affecting the widely deployed Adobe Acrobat and Reader software for Windows and macOS.

SAP

SAP has released 15 new security advisories, including two ‘critical vulnerabilities. The most severe of these issues is CVE-2022-39802 with CVSS score of 9.9, which is described as a file path traversal in Manufacturing Execution. The bug impacts Work Instruction Viewer and Visual Test and Repair, two plugins for displaying work instructions and models.

The second critical vulnerability, CVE-2022-41204 with CVSS score of 9.6, impacts the SAP Commerce login form and could lead to account hijacking through URL redirection.

The issue exists because the URLs that are called when a login form is submitted are not properly sanitized, allowing an attacker to inject redirect information into them, leading to sensitive information being sent to an attacker-controlled server.

SAP released five new and one updated high-severity security advisories including three that deal with information disclosure vulnerabilities in BusinessObjects and one addressing a buffer overflow in SQL Anywhere and IQ.

The two remaining notes resolve multiple security holes in 3D Visual Enterprise Viewer and 3D Visual Enterprise Author. An attacker could trick users into opening manipulated files in 3D Visual Enterprise Viewer/Author, leading to arbitrary code execution or DoS.