Yesterday the DHS ICS-CERT published two control system
security advisories for two products from Siemens.
XHQ Advisory
This advisory
describes an improper access control vulnerability in the Siemens XHQ
operations intelligence product. This vulnerability is being self-reported.
Siemens has developed a new version that mitigates the vulnerability.
ICS-CERT reports that a relatively low-skilled attacker (who
is an authorized user) could remotely exploit the vulnerability to gain read
access to data in the XHQ solution exceeding his configured permission level.
SIMATIC CP 44x-1 Advisory
This advisory
describes an improper authentication vulnerability in the Siemens SIMATIC CP
44x-1 Redundant Network Access (RNA) modules. This vulnerability is being self-reported.
Siemens has released a firmware update to mitigate the vulnerability.
ICS-CERT reports that a relatively low-skilled attacker
could remotely exploit the vulnerability to perform administrative actions
under certain conditions. The Siemens Security
Advisory reports that the attacker must have network access to port 102/TCP
of the affected device and that the configuration data of the CP must be
stored on the CPU.