Tuesday, October 25, 2016

ICS-CERT Publishes Siemens SICAM Advisory

Today the DHS ICS-CERT published a control system security advisory describing a denial-of-service vulnerability in Siemens SICAM products. The vulnerability was reported by Adam Crain of Automatak LLC. Siemens has produced a firmware update to mitigate the vulnerability. There is no indication that Adam has been provided an opportunity to verify the efficacy of the fix.

ICS-CERT reports that a relatively unskilled attacker could remotely exploit this vulnerability to cause a denial of service. The Siemens Security Advisory reports that the vulnerability exist in the SM-2558 and SM-2556 IEC 60870-5-104 COM Modules used in the SICAM products.

Siemens announced their advisory on TWITTER® last Friday.

No comments:

/* Use this with templates/template-twocol.html */