Blog Posts Tagged with "Siemens"

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Siemens COMOS Privilege Escalation Vulnerability

August 16, 2012 Added by:Infosec Island Admin

Siemens has reported a privilege escalation vulnerability in the Siemens COMOS database application. Authenticated users with read privileges could escalate their privileges by exploiting this vulnerability. Thus, the attacker is able to gain administrator access to the database...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Siemens Synco OZW Web Server Vulnerability

August 13, 2012 Added by:Infosec Island Admin

Siemens has reported to ICS-CERT that a default password vulnerability exists in the Siemens Synco OZW Web Server device used for building automation systems. Siemens urges their customers to set a secure password on their device’s web interface. This vulnerability could be exploited remotely...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: SIMATIC S7-400 Denial of Service Vulnerabilities

August 07, 2012 Added by:Infosec Island Admin

Siemens has reported DoS vulnerabilities in the SIMATIC S7-400 V6 and SIMATIC S7-400 V5 PN CPU products. When specially crafted packets are received on Ethernet interfaces by the SIMATIC S7-400, the device can default into defect mode. A PLC in defect mode needs to be manually reset to return to normal operation...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Siemens Simatic Step 7 DLL Vulnerability

July 25, 2012 Added by:Infosec Island Admin

Siemens self-reported a DLL hijacking vulnerability in SIMATIC STEP 7 and SIMATIC PCS 7 software. This vulnerability can be remotely exploited and public exploits are known to target this vulnerability. Siemens has produced a patch that resolves this vulnerability...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Siemens WinCC Multiple Vulnerabilities

June 08, 2012 Added by:Infosec Island Admin

Researchers have identified multiple vulnerabilities in the Siemens WinCC application, and Siemens identified an additional vulnerability, that may allow an attacker to gain unauthorized access, read from, or write to files and settings on the target system...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Post-Stuxnet: Siemens Improves ICS-SCADA Security

June 07, 2012 Added by:Headlines

"The introduction of our new Simatic CP and Scalance products only help to bolster Siemens' industrial security portfolio, but as we stress to our customers, there is no silver bullet to cybersecurity threats. Maintaining security is an ongoing process for plants and enterprises"...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Siemens Simatic WINCC Multiple Vulnerabilities

April 20, 2012 Added by:Infosec Island Admin

ICS-CERT has received reports detailing several vulnerabilities in Siemens SIMATIC WinCC Human-Machine Interface application which could allow an attacker to log on to a system as a user or administrator with the ability to execute arbitrary code or obtain full access to files...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Siemens Scalance X Industrial Ethernet Vulnerability

April 18, 2012 Added by:Infosec Island Admin

Exploitation of the vulnerability allows an attacker to perform malicious actions which may lead to a denial of service condition or possible arbitrary code execution. These actions may ultimately impact the process environment in which the system is deployed...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Siemens Scalence S Multiple Vulnerabilities

April 12, 2012 Added by:Infosec Island Admin

Siemens has reported two security vulnerabilities in the Scalance S Security Module firewall - a brute-force credential guessing vulnerability in the web configuration and a stack-based buffer overflow vulnerability in the Profinet DCP protocol stack...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Iran Successfully Eradicates Stuxnet Virus Infestation

February 15, 2012 Added by:Headlines

"I would assume that once Iran learned of Stuxnet, then intelligence agencies looked at this method of cyber attack as compromised regardless of how long it has taken Iran to neutralize it. It is a cat and mouse game..."

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Iran Remains Defiant in Confronting Cyber Attacks

February 14, 2012 Added by:Headlines

"Iranian experts possess adequate knowledge to confront cyber threats. All nuclear facilities in the country are immune from cyber attacks... Many viruses are produced in the world every day... there has been no destructive impact inside the country," said Gholam-Reza Jalali...

Comments  (1)

03b2ceb73723f8b53cd533e4fba898ee

Stuxnet: Are We Safe Now? Of Course Not...

January 31, 2012 Added by:Pierluigi Paganini

We are fighting with an invisible enemy. We are under attack, and we have no idea of the potentiality of agents that theatrically could remain in stealth mode inside the target, avoiding security systems for several years, gathering information and preparing the final attack...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Siemens Simatic WinCC Vulnerabilities

January 31, 2012 Added by:Headlines

Successful exploitation of these vulnerabilities could allow an attacker to log on to a vulnerable system as a user or administrator with the ability to execute arbitrary code or obtain full access to files on the system. Publicly available exploits are known...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Siemens Tecnomatix FactoryLink ActiveX

January 05, 2012 Added by:Headlines

Researchers identified two vulnerabilities affecting ActiveX components in the Siemens Tecnomatix FactoryLink application, including buffer overflow and data corruption. Successful exploitation of the vulnerabilities could allow an attacker to perform denial of service and arbitrary code execution...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Researcher Traces Stuxnet/Duqu Timeline Back to 2006

December 02, 2011 Added by:Headlines

"May 2006 - Engineers compile code for a component of Stuxnet that will allow them to attack programmable logic controllers, or PLCs, manufactured by Siemens of Germany. Iran's nuclear program uses Siemens PLCs to control the gas centrifuges in its uranium enrichment facilities..."

Comments  (3)

A966b1b38ca147f3e9a60890030926c9

The Unfinished State of our National ICS Reporting System

August 23, 2011 Added by:Chris Blask

The rather petulant tone of the advisory indicates problems with the way our system is setup as well as insufficient process and staffing being applied to outbound communications. Certainly, advisories with content and tone like this one are not a step in the right direction...

Comments  (0)

Page « < 1 - 2 > »