Skip to main content

Siemens products remain susceptible to hijacking, DoS attacks.

by Dan Goodin - July 18 2014

 

More than three months after the disclosure of the catastrophic Heartbleed vulnerability in the OpenSSL library, critical industrial control systems sold by Siemens remain susceptible to hijacking or crashes that can be triggered by the bug, federal officials have warned.

The products are used to control switches, valves, and other equipment in chemical, manufacturing, energy, and wastewater facilities. Heartbleed is the name given to a bug in the widely used OpenSSL cryptographic library that leaks passwords, usernames, and secret encryption keys. While Siemens has updated some of its industrial control products to patch the Heartbleed vulnerability, others remain susceptible, an advisory published Thursday by the Industrial Control Systems Cyber Emergency Response Team warned.

 

Full Aticle
by Michael Mimoso   July 18, 2014

 

Siemens says it is working on patches for four critical vulnerabilities in the OpenSSL libraries it uses in a number of its industrial control products, flaws that are being exploited in the wild.

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) cautioned too that critical infrastructure operators managing these process and network control and monitoring devices rely on a number of temporary mitigations until patches are available.

 

Full Article

Reply