Unpatched OpenSSL holes found on Siemens ICSs
Posted on 21 July 2014.
A number of Siemens industrial products have been found sporting four vulnerabilities in their OpenSSL implementation, which could lead to man-in-the-middle (MitM) attacks or the crashing of web servers of the products.


The flaws can be exploited remotely, and exploits that target these OpenSSL vulnerabilities are publicly available, the US Industrial Control Systems Cyber Emergency Response Team (ISC CERT) warned on Thursday.

Of the six affected products, security updates for patching the holes are available only for two.

Until the other four receive a patch, the company has issued a list of actions customers can undertake to mitigate the risk of attacks.

"The affected Siemens industrial products are for process and network control and monitoring in critical infrastructure sectors such as Chemical, Critical Manufacturing, Energy, Food and Agriculture, and Water and Wastewater Systems," ISC CERT noted. "The vulnerabilities identified could impact authenticity, integrity, and availability of affected devices."

"Impact to individual organizations depends on many factors that are unique to each organization," they noted, and added that assets owners can additionally protect their systems against general cybersecurity risks by - if possible - making sure they are not accessible from the Internet; by putting the systems behing firewalls and isolating them from the business network; and by using secure methods to access them remotely.









Spotlight

What security experts think about Apple Pay

Posted on 11 September 2014.  |  Apple Pay works with iPhone 6 and iPhone 6 Plus through a NFC antenna design, a dedicated chip called the Secure Element, and the security and convenience of Touch ID.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Sep 12th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //