SAP slaps patch on leaky factory software
SAP’s February round of critical software updates includes one for SAP Manufacturing Integration and Intelligence (xMII) that may be of interest to hackers and spies.
The software is widely used in manufacturing industry, where it connects factory-floor systems to business applications for performance monitoring — but a flaw in it meant that restrictions on who could see what were not enforced.
The patch for xMII fixes a directory traversal vulnerability, SAP reported Tuesday in security note 2230978.
The vulnerability could have allowed attackers to access arbitrary files and directories on an SAP fileserver, including application source code, configuration and system files and other critical technical and business-related information, security researchers at ERPScan said Wednesday.