Blog Posts Tagged with "Siemens"
ICS-CERT: Siemens COMOS Privilege Escalation Vulnerability
August 16, 2012 Added by:Infosec Island Admin
Siemens has reported a privilege escalation vulnerability in the Siemens COMOS database application. Authenticated users with read privileges could escalate their privileges by exploiting this vulnerability. Thus, the attacker is able to gain administrator access to the database...
Comments (0)
ICS-CERT: Siemens Synco OZW Web Server Vulnerability
August 13, 2012 Added by:Infosec Island Admin
Siemens has reported to ICS-CERT that a default password vulnerability exists in the Siemens Synco OZW Web Server device used for building automation systems. Siemens urges their customers to set a secure password on their device’s web interface. This vulnerability could be exploited remotely...
Comments (0)
ICS-CERT: SIMATIC S7-400 Denial of Service Vulnerabilities
August 07, 2012 Added by:Infosec Island Admin
Siemens has reported DoS vulnerabilities in the SIMATIC S7-400 V6 and SIMATIC S7-400 V5 PN CPU products. When specially crafted packets are received on Ethernet interfaces by the SIMATIC S7-400, the device can default into defect mode. A PLC in defect mode needs to be manually reset to return to normal operation...
Comments (0)
ICS-CERT: Siemens Simatic Step 7 DLL Vulnerability
July 25, 2012 Added by:Infosec Island Admin
Siemens self-reported a DLL hijacking vulnerability in SIMATIC STEP 7 and SIMATIC PCS 7 software. This vulnerability can be remotely exploited and public exploits are known to target this vulnerability. Siemens has produced a patch that resolves this vulnerability...
Comments (0)
ICS-CERT: Siemens WinCC Multiple Vulnerabilities
June 08, 2012 Added by:Infosec Island Admin
Researchers have identified multiple vulnerabilities in the Siemens WinCC application, and Siemens identified an additional vulnerability, that may allow an attacker to gain unauthorized access, read from, or write to files and settings on the target system...
Comments (0)
Post-Stuxnet: Siemens Improves ICS-SCADA Security
June 07, 2012 Added by:Headlines
"The introduction of our new Simatic CP and Scalance products only help to bolster Siemens' industrial security portfolio, but as we stress to our customers, there is no silver bullet to cybersecurity threats. Maintaining security is an ongoing process for plants and enterprises"...
Comments (0)
ICS-CERT: Siemens Simatic WINCC Multiple Vulnerabilities
April 20, 2012 Added by:Infosec Island Admin
ICS-CERT has received reports detailing several vulnerabilities in Siemens SIMATIC WinCC Human-Machine Interface application which could allow an attacker to log on to a system as a user or administrator with the ability to execute arbitrary code or obtain full access to files...
Comments (0)
ICS-CERT: Siemens Scalance X Industrial Ethernet Vulnerability
April 18, 2012 Added by:Infosec Island Admin
Exploitation of the vulnerability allows an attacker to perform malicious actions which may lead to a denial of service condition or possible arbitrary code execution. These actions may ultimately impact the process environment in which the system is deployed...
Comments (0)
ICS-CERT: Siemens Scalence S Multiple Vulnerabilities
April 12, 2012 Added by:Infosec Island Admin
Siemens has reported two security vulnerabilities in the Scalance S Security Module firewall - a brute-force credential guessing vulnerability in the web configuration and a stack-based buffer overflow vulnerability in the Profinet DCP protocol stack...
Comments (0)
Iran Successfully Eradicates Stuxnet Virus Infestation
February 15, 2012 Added by:Headlines
"I would assume that once Iran learned of Stuxnet, then intelligence agencies looked at this method of cyber attack as compromised regardless of how long it has taken Iran to neutralize it. It is a cat and mouse game..."
Comments (0)
Iran Remains Defiant in Confronting Cyber Attacks
February 14, 2012 Added by:Headlines
"Iranian experts possess adequate knowledge to confront cyber threats. All nuclear facilities in the country are immune from cyber attacks... Many viruses are produced in the world every day... there has been no destructive impact inside the country," said Gholam-Reza Jalali...
Comments (1)
Stuxnet: Are We Safe Now? Of Course Not...
January 31, 2012 Added by:Pierluigi Paganini
We are fighting with an invisible enemy. We are under attack, and we have no idea of the potentiality of agents that theatrically could remain in stealth mode inside the target, avoiding security systems for several years, gathering information and preparing the final attack...
Comments (0)
ICS-CERT: Siemens Simatic WinCC Vulnerabilities
January 31, 2012 Added by:Headlines
Successful exploitation of these vulnerabilities could allow an attacker to log on to a vulnerable system as a user or administrator with the ability to execute arbitrary code or obtain full access to files on the system. Publicly available exploits are known...
Comments (0)
ICS-CERT: Siemens Tecnomatix FactoryLink ActiveX
January 05, 2012 Added by:Headlines
Researchers identified two vulnerabilities affecting ActiveX components in the Siemens Tecnomatix FactoryLink application, including buffer overflow and data corruption. Successful exploitation of the vulnerabilities could allow an attacker to perform denial of service and arbitrary code execution...
Comments (0)
Researcher Traces Stuxnet/Duqu Timeline Back to 2006
December 02, 2011 Added by:Headlines
"May 2006 - Engineers compile code for a component of Stuxnet that will allow them to attack programmable logic controllers, or PLCs, manufactured by Siemens of Germany. Iran's nuclear program uses Siemens PLCs to control the gas centrifuges in its uranium enrichment facilities..."
Comments (3)
The Unfinished State of our National ICS Reporting System
August 23, 2011 Added by:Chris Blask
The rather petulant tone of the advisory indicates problems with the way our system is setup as well as insufficient process and staffing being applied to outbound communications. Certainly, advisories with content and tone like this one are not a step in the right direction...
Comments (0)
- Verizon 2014 DBIR: Hide Your Servers and Call the Cops
- 2014 SecurityWeek Golf Classic to Take Place May 22 at Half Moon Bay
- 6 Minutes That Can Change Your Security Start-up's Life
- NIST Abandons Cryptography Algorithm in Wake of NSA Backdoor Concerns
- Let’s Get Proactive with End User Security
- Verizon Publishes Vastly Expanded Data Breach Investigations Report (DBIR)
- Interview with Chris Petersen, LogRhythm co-founder
- Detecting OpenSSL-Heartbleed with Nmap & Exploiting with Metasploit
- Understanding What Constitutes Your Attack Surface
- Mocana Calls Heartbleed a “Wake-Up Call” for Makers of Smart Connected Devices