Siemens, Schneider Electric patch security flaws

SecurityWeek reports that numerous security vulnerabilities have been addressed by Siemens and Schneider Electric as part of this month's Patch Tuesday. Siemens has issued patches for four vulnerabilities impacting its Sicam Q100 power meter devices. Threat actors could leverage the flaws, three of which are critical and the other being high severity, to facilitate user session hijacking, device crashes, and arbitrary code execution. Meanwhile, mitigations have been released for more than 12 security bugs affecting its Scalance W1750D devices. Siemens also detailed a critical flaw in its Sinumerik offerings. Moreover, fixes have been provided for high-severity vulnerabilities in QMS Automotive, Teamcenter Visualization and JT2Go offerings, and Parasolid products. In addition, an advisory regarding a critical authentication bypass bug in Siemens Siveillance Video mobile servers has also been released. On the other hand, Schneider Electric has detailed patches for three NetBotz security and environmental monitor vulnerabilities, which could be leveraged in account takeover, cross-site scripting, and clickjacking attacks.