Unpatched OpenSSL holes found on Siemens ICSs
Posted on 21 July 2014.
A number of Siemens industrial products have been found sporting four vulnerabilities in their OpenSSL implementation, which could lead to man-in-the-middle (MitM) attacks or the crashing of web servers of the products.


The flaws can be exploited remotely, and exploits that target these OpenSSL vulnerabilities are publicly available, the US Industrial Control Systems Cyber Emergency Response Team (ISC CERT) warned on Thursday.

Of the six affected products, security updates for patching the holes are available only for two.

Until the other four receive a patch, the company has issued a list of actions customers can undertake to mitigate the risk of attacks.

"The affected Siemens industrial products are for process and network control and monitoring in critical infrastructure sectors such as Chemical, Critical Manufacturing, Energy, Food and Agriculture, and Water and Wastewater Systems," ISC CERT noted. "The vulnerabilities identified could impact authenticity, integrity, and availability of affected devices."

"Impact to individual organizations depends on many factors that are unique to each organization," they noted, and added that assets owners can additionally protect their systems against general cybersecurity risks by - if possible - making sure they are not accessible from the Internet; by putting the systems behing firewalls and isolating them from the business network; and by using secure methods to access them remotely.









Spotlight

Leveraging network intelligence and deep packet inspection

Posted on 26 November 2014.  |  Tomer Saban, CEO of WireX Systems, talks about how deep packet inspection helps with identifying emerging threats, the role of network intelligence, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Nov 28th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //