Today the DHS ICS-CERT published a control system security
advisory describing a denial-of-service vulnerability in Siemens SICAM
products. The vulnerability was reported by Adam Crain of Automatak LLC.
Siemens has produced a firmware update to mitigate the vulnerability. There is
no indication that Adam has been provided an opportunity to verify the efficacy
of the fix.
ICS-CERT reports that a relatively unskilled attacker could
remotely exploit this vulnerability to cause a denial of service. The Siemens Security
Advisory reports that the vulnerability exist in the SM-2558 and SM-2556
IEC 60870-5-104 COM Modules used in the SICAM products.
Siemens announced
their advisory on TWITTER® last Friday.
Posts
No comments:
Post a Comment