Unpatched OpenSSL holes found on Siemens ICSs
Posted on 21 July 2014.
A number of Siemens industrial products have been found sporting four vulnerabilities in their OpenSSL implementation, which could lead to man-in-the-middle (MitM) attacks or the crashing of web servers of the products.


The flaws can be exploited remotely, and exploits that target these OpenSSL vulnerabilities are publicly available, the US Industrial Control Systems Cyber Emergency Response Team (ISC CERT) warned on Thursday.

Of the six affected products, security updates for patching the holes are available only for two.

Until the other four receive a patch, the company has issued a list of actions customers can undertake to mitigate the risk of attacks.

"The affected Siemens industrial products are for process and network control and monitoring in critical infrastructure sectors such as Chemical, Critical Manufacturing, Energy, Food and Agriculture, and Water and Wastewater Systems," ISC CERT noted. "The vulnerabilities identified could impact authenticity, integrity, and availability of affected devices."

"Impact to individual organizations depends on many factors that are unique to each organization," they noted, and added that assets owners can additionally protect their systems against general cybersecurity risks by - if possible - making sure they are not accessible from the Internet; by putting the systems behing firewalls and isolating them from the business network; and by using secure methods to access them remotely.









Spotlight

Fake "Online Ebola Alert Tool" delivers Trojan

Posted on 29 October 2014.  |  Cyber scammers continue to take advantage of the fear and apprehension surrounding the proliferation of the Ebola virus.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //