Yesterday the DHS ICS-CERT published a control system
security advisory for the Siemens SCALANCE X-200 switch family. The Web session
hijack vulnerability was reported by Eireann Leverett of IOActive in a
coordinated disclosure.
ICS-CERT reports that a moderately skilled attacker could
remotely exploit this vulnerability to hijack a Web session because the switch's
random number generator has insufficient entropy, which makes the session
identifiers it issues predictable. An attacker holding a hijacked session could
change device configurations.
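The mechanism behind this class of bug, as an added illustration that is not Siemens code and does not describe the SCALANCE firmware: a hypothetical Web interface seeds its PRNG from a low-entropy value (assumed here to be a 16-bit number such as uptime in seconds) and derives session IDs from it. An attacker who receives one session ID from a normal login can brute-force the seed, replay the generator, and predict the ID handed to the next user who logs in. The hardened store draws 128 bits from the OS CSPRNG instead. All names, the seed space and the sample seed are constructed for the example.

```python
"""Predictable session IDs from a low-entropy PRNG versus a CSPRNG.
Added example; hypothetical generator, not the SCALANCE implementation."""
import hmac
import random
import secrets

# Assumption for the example: the device seeds its PRNG from a 16-bit value.
SEED_SPACE = 2 ** 16


class WeakSessionStore:
    """Hypothetical session-ID generator seeded from a low-entropy value."""

    def __init__(self, seed):
        self._rng = random.Random(seed)  # Mersenne Twister, fully determined by seed

    def new_session_id(self):
        # 32-bit token; the real limit is the 16-bit seed, not the token width.
        return "%08x" % self._rng.getrandbits(32)


def recover_seed(observed_id):
    """Attacker step: brute-force the seed space until the first issued ID matches."""
    for seed in range(SEED_SPACE):
        if WeakSessionStore(seed).new_session_id() == observed_id:
            return seed
    return None


def predict_following_ids(seed, already_issued, count):
    """Replay the generator past the IDs already handed out and predict the next ones."""
    store = WeakSessionStore(seed)
    for _ in range(already_issued):
        store.new_session_id()
    return [store.new_session_id() for _ in range(count)]


class StrongSessionStore:
    """Fixed version: 128 bits from the OS CSPRNG; no seed to recover."""

    def new_session_id(self):
        return secrets.token_hex(16)


def session_ids_match(presented, stored):
    """Constant-time comparison so the check itself does not leak the token."""
    return hmac.compare_digest(presented, stored)


def demo():
    """Constructed scenario: attacker logs in first, an administrator logs in second."""
    device = WeakSessionStore(seed=4242)        # constructed uptime value
    attacker_id = device.new_session_id()       # attacker's own legitimate session
    admin_id = device.new_session_id()          # issued to the next user
    seed = recover_seed(attacker_id)
    predicted = predict_following_ids(seed, already_issued=1, count=1)[0]
    return {
        "seed_recovered": seed,
        "hijack_succeeds": session_ids_match(predicted, admin_id),
        "strong_id_recoverable": recover_seed(StrongSessionStore().new_session_id()) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The brute force runs in well under a second for a 16-bit seed space; the fix is not a wider token but a generator whose state an attacker cannot enumerate, which is what `secrets` provides on a platform with a working OS entropy source.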
ICS-CERT reports that Siemens has produced a firmware
upgrade that remediates the vulnerability. There is no indication in the ICS-CERT
advisory or the Siemens-CERT
advisory that Leverett or IOActive have verified the efficacy of the
upgrade.