[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] Ruskie ICS hacker drops nine holes in popular Siemens power plant kit
From:       InfoSec News <alerts () infosecnews ! org>
Date:       2015-08-31 10:08:35
Message-ID: alpine.DEB.2.02.1508311008240.10011 () infosecnews ! org
[Download RAW message or body]

http://www.theregister.co.uk/2015/08/31/ruskie_ics_hacker_drops_nine_holes_in_popular_siemens_power_plant_kit/

By Darren Pauli
The Register
31 Aug 2015

Ilya Karpov of Russian security outfit Positive Technologies has reported 
nine vulnerabilities in Siemens industrial control system kit used in 
critical operations from petrochemical labs and power plants up to the 
Large Hadron Collider.

The holes, now patched, also include two for Schneider Electric kit and 
cover a mix of remote and local exploits that can grant attackers easy and 
valuable system access.

The vulnerabilities (CVE-2015-2823) achieve a severity rating of 6.8 and 
allow remote net pests to authenticate using a password hash but not the 
associated password.

It affects a variety of specialist SIMATIC WinCC products including 
Runtime Professional, HMI Mobile Panels, and HMI Basic Panels.

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
[prev in list] [next in list] [prev in thread] [next in thread]