Cybersecurity
OT security vulnerabilities in Siemens devices
Otorio's research team has discovered two significant vulnerabilities in the Siemens Automation License Manager (ALM) component used in a variety of Siemens products including TIA, WinCC, Historian and PCS7 servers.
The vulnerabilities discovered by Otorio, a provider of cybersecurity for OT environments, could allow attackers to take control of industrial environments and potentially cause serious damage. The Cybersecurity and Infrastructure Security Agency (CISA) has issued a CVE advisory urging users to update the vulnerable component.
Research by Otorio has revealed that the ALM component is used in many modern Siemens automation programs such as HMI, Historian, engineering software and Distributed Control System (DCS). The OT security experts found that the vulnerabilities could lead to remote code execution (RCE) and privilege escalation (PE) on any PCS 7 server tested with the default configuration running on Windows Server.
These findings are worrying, Otorio says, as they could allow hackers to gain control of engineering, control and monitoring servers in production environments. "Unauthorized access to engineering and control servers, which are among the most important and sensitive OT systems in many companies, can have serious consequences for industrial environments and critical infrastructures," says Eran Jacob, security research expert at Otorio. The security specialist strongly advises companies using Siemens automation technologies to read the CISA information and update their systems immediately if they are affected.
You might also be interested in
Siemens raises forecast
A good start to the new fiscal year has Siemens looking to the coming fiscal year with confidence: The Group is raising its forecast.
read more...Damage in Germany too
A major cyberattack targets a security vulnerability that was actually closed at the beginning of 2021. However, some IT managers have not done their homework. Companies from Germany are among the victims.
read more...SmartFactory-KL and "Manufacturing-X"
Milestone towards Production Level 4
Resilience, sustainability, flexibility, digital twins, interoperability, skill-based manufacturing architecture and distributed production - all this is Production Level 4. "Manufacturing-X" shows how it works.
read more...Schneider Electric and BitSight cooperate
Schneider Electric and BitSight are pooling their expertise to make OT systems more resilient to cyber risks. Other OT providers are also invited to take part in the project.
read more...Seven important security approaches
Companies will need new cybersecurity approaches in 2023 as criminals continue to develop their attacks in line with the state of the art. Security expert Imperva provides an overview of seven cyber security issues that companies should be prepared...
read more...Interview with Michael Walser, Sematicon
The weak points of OT security
How vulnerable are OT environments? Companies can get an idea at the ISH at Munich Airport. Michael Walser, CTO at Sematicon, explains which risks companies should be aware of.
read more...Training environment for security experts
The Information Security Hub (ISH) at Munich Airport is an immersive training facility where cyberattacks are simulated. Marc Lindike, Head of Information Security Assurance at Munich Airport, explains the aims of this unique environment in an...
read more...Siemens presents AI product for engineering
At Hannover Messe 2024, Siemens is presenting the first generative artificial intelligence (AI) product for engineering in an industrial environment. The Industrial Copilot, a generative AI-supported assistant, is seamlessly connected to the TIA...
read more...Partnerships for computer vision solutions
Basler and MVTec are cooperating independently with Siemens. The new partnerships will enable customers to integrate machine vision applications directly into their existing automation technology.
read more...