Engineering software / Security
Gap discovered in the 'Siemens Step 7 TIA Portal'
Tenable, a cyber security expert, has discovered a critical vulnerability in the 'Siemens Step 7 TIA Portal'. The vulnerability affects the same device family that was affected by Stuxnet.
The vulnerability [CVE-2019-10915] allows external attackers to carry out any administrative activity on the system. This makes it possible to distribute the malicious code to neighboring ICS (Industrial Control Systems). According to Tenable, the vulnerability could also be used to collect data for a future attack. Due to the sensitive functions of the critical infrastructure, a successful attack could potentially damage operational technology devices, stop processes, destroy hardware or open the gates for cyber espionage.
Siemens has released patches to address the vulnerability. Users should ensure that their systems have been updated to the latest version. More information about the vulnerabilities can be found in the Tenable Research blog post on Medium.
You might also be interested in
Another security gap
The Claroty Research Team has identified and reported a serious vulnerability to bypass the memory protection of the S7-1200 and S7-1500 PLCs.
read more...Body reaction as a password
Forgot your password? The Paluno Software Technology Institute at the University of Duisburg-Essen (UDE) is researching a new approach that combines biometrics and password protection.
read more...Vulnerability discovered in Scalance switches from Siemens
Nozomi Networks Labs has discovered a new vulnerability in Siemens' Scalance Switches. It affects the Telnet server and allows a hacker to crash the service by sending large amounts of packets via TCP port 23.
read more...Siemens - the 3rd quarter of 2019
'Digital Industries' and 'Gas and Power' cause concern
Despite considerable headwinds in key markets, Siemens grew its order intake and revenue in the third quarter of 2019. EBITA and profit, on the other hand, fell, mainly due to declines in 'Digital Industries' and 'Gas and Power'. The figures in...
read more...'Forum Safety & Security 2019'
The two sides of security
A total of 228 participants, speakers and exhibitors came together from July 8 to 10 in the Sindelfingen Stadthalle for an intensive exchange of information on the two sides of the "security coin" - as part of the 'Forum Safety & Security 2019'.
read more...Mechanical and plant engineering
VDMA study 'Industrial Security 2019' - the results
After 2013, the VDMA has once again conducted a survey on industrial security among manufacturing companies in Germany. The key results in a series of images.
read more...New Board of Directors in the Security Association
Dirk Dingfelder (D+H Mechatronic) is the new Chairman of the Board of the ZVEI Safety Association. He succeeds Uwe Bartmann (Siemens), who was Chairman for many years and no longer stood as a candidate.
read more...New products from the security sector
In the age of Industry 4.0, the cloud and big data, the topic of IT security is becoming increasingly important. Computer&AUTOMATION has summarized product innovations from the field of security in a series of images.
read more...Weak point management in production
Vulnerability and patch management are well established in the world of office IT. Not so in manufacturing environments - cyber attacks have an easy time of it.
read more...