Information Security News mailing list archives
Ruskie ICS hacker drops nine holes in popular Siemens power plant kit
From: InfoSec News <alerts () infosecnews org>
Date: Mon, 31 Aug 2015 10:08:35 +0000 (UTC)
http://www.theregister.co.uk/2015/08/31/ruskie_ics_hacker_drops_nine_holes_in_popular_siemens_power_plant_kit/ By Darren Pauli The Register 31 Aug 2015Ilya Karpov of Russian security outfit Positive Technologies has reported nine vulnerabilities in Siemens industrial control system kit used in critical operations from petrochemical labs and power plants up to the Large Hadron Collider.
The holes, now patched, also include two for Schneider Electric kit and cover a mix of remote and local exploits that can grant attackers easy and valuable system access.
The vulnerabilities (CVE-2015-2823) achieve a severity rating of 6.8 and allow remote net pests to authenticate using a password hash but not the associated password.
It affects a variety of specialist SIMATIC WinCC products including Runtime Professional, HMI Mobile Panels, and HMI Basic Panels.
[...] -- Evident.io - Continuous Cloud Security for AWS. Identify and mitigate risks in 5 minutes or less. Sign up for a free trial @ https://evident.io/
Current thread:
- Ruskie ICS hacker drops nine holes in popular Siemens power plant kit InfoSec News (Aug 31)