Critical security updates for SAP, Siemens, Schneider Electric and a WordPress plugin

Security patches for products from four major companies have been released this week, with calls for the updates to be installed as soon as possible.

  • SAP said patches are needed to fix tthree critical memory corruption vulnerabilities that affected Internet Communication Manager (ICM);
  • Siemens said its SIMATIC firmware contains three vulnerabilities that could allow an unauthenticated attacker to perform a denial of service attack under certain conditions;
  • Schneider Electric released six advisories describing 20 vulnerabilities.
  • WordFence said the PHP Everywhere plugin for WordPress needed to be updated after finding several remote code execution vulnerabilities in the application.

sap said he collaborated with OnapsisResearch Labs to discover and fix three critical memory corruption vulnerabilities that affected Internet Communication Manager (ICM). ICM is a core component of SAP business applications that enables HTTP(S) communications in SAP systems.

The company said it released Three roomare for all impacted systems of one possible security attack while Onapsis helped to supply a free open source vulnerability scanner tool to help all SAP customers affected at contact immediately these problems.

SAP administrators should prioritize the application Security Notice 3123396 [CVE-2022-22536] youo the applications concerned immediately. Yes the program of an organization was exploited, these vulnerabilities, also known as “ICMAD”, will be activate attackers to perform serious malicious activity on SAP users, information and business processes.

According to a Siemens security advisory, certain products of its SIMATIC family using programmable logic controllers (PLCs) are affected by all three vulnerabilities. In a blog, said security researcher Gao Jian the three vulnerabilities have been given the name S7+:Crash. Currently, they are rated HIGH with a CVSS3.1 score of 7.5. “These vulnerabilities can lead to serious consequences, such as remote denial of service for SIMATIC controllers,” he wrote.

He had identified more than the three vulnerabilities; the others are under investigation.

“The three vulnerabilities disclosed this time are critical with broad impact, low exploitation difficulty, and high protection difficulty,” he wrote. “Users and companies must be alerted and take the necessary measures to prevent industrial production from being affected.”

Security Researchers at Tenable find the bugs announced by Schneider Electric, including several vulnerabilities in its IGSS data server (IGSSdataServer.exe) v15.0.0.21286. Administrators should update to IGSS Data Server version or higher.

In affected versions, an integer overflow condition exists when IGSSdataServer.exe adds an incoming request to a heap-based buffer that already contains a request, Tenable said. The problem results from the lack of proper validation of user-supplied data before performing the memory allocation. An unauthenticated remote attacker can exploit this, via several specially crafted messages, to cause a heap-based buffer overflow, leading to denial of service and potentially remote code execution, Tenable said.

A second issue is a heap-based buffer overplay memory leak that could lead to a denial of service.

Wordfence said one of these vulnerabilities he found in PHP Everywhere allowed any authenticated user of any level, even subscribers and customers, to run code on a site with the plugin installed. A largely rebuilt version of the plugin has been available since January 10.

According to PHP Everywhere Website, the plugin has been downloaded 30,000 times.

“If you are using the PHP Everywhere plugin, it is imperative that you upgrade to the most recent version, which is 3.0.0 at the time of this writing (February 8th), in order to prevent your site from being exploited. “, Wordfence said the researchers. “Unfortunately, version 3.0.0 only supports PHP snippets through the block editor, so if you’re using the classic editor, you’ll need to uninstall the plugin and find another solution. Under no circumstances should you continue to run older versions of PHP Everywhere.

Esther L. Gunn