Siemens patches critical SCADA flaws likely exploited in recent attacks

Siemens released security updates for several of its SCADA (supervisory control and data acquisition) products for industrial environments to fix critical vulnerabilities that may have been exploited in recent attacks.

One of the vulnerabilities allows unauthenticated attackers to remotely execute arbitrary code on a Siemens SIMATIC WinCC SCADA server by sending specially crafted packets to it. The flaw received the maximum severity score of 10 in the Common Vulnerability Scoring System and can lead to a full system compromise.

The other vulnerability can also be exploited by unauthenticated attackers sending specially crafted packets, in this case to extract arbitrary files from the WinCC server. The flaw has a CVSS score of 7.8.

Story added 28 November 2014.