A Security researcher has discovered two potential vulnerabilities in Siemens Ethernet switches allows a remote attacker to perform administrative operations.
The vulnerabilities were discovered by Eireann Leverett, Senior security consultant for IOActive and have been reported to Siemens.
The first vulnerability(CVE-2013-5944) could allow hackers to perform administrative operation over the network without authentication.
Sponsored Links
The Second vulnerability (CVE-2013-5709) could allow hackers to hijack web sessions over the network without authentication. This is due to insufficient entropy in its random number generator.
Siemens produced a patch within 3 months. Customers of Siemens are advised to apply the SCALANCE X-200 firmware update.
Eireann is scheduled to demonstrate the vulnerabilities and release proof-of-concept code for organizations to check their own devices, at next week's S4 SCADA security conference in Miami.
The vulnerabilities were discovered by Eireann Leverett, Senior security consultant for IOActive and have been reported to Siemens.
The first vulnerability(CVE-2013-5944) could allow hackers to perform administrative operation over the network without authentication.
Sponsored Links
The Second vulnerability (CVE-2013-5709) could allow hackers to hijack web sessions over the network without authentication. This is due to insufficient entropy in its random number generator.
Siemens produced a patch within 3 months. Customers of Siemens are advised to apply the SCALANCE X-200 firmware update.
Eireann is scheduled to demonstrate the vulnerabilities and release proof-of-concept code for organizations to check their own devices, at next week's S4 SCADA security conference in Miami.
Dated: Monday, January 13, 2014
0 comments:
Post a Comment