Dodgy creds found in Siemens ICS gear

Don't run our stuff on soft networks, Siemens chimes

2 Reg comments Got Tips?

The US computer emergency response team is warning of weak credentials in Siemens SIMATIC WinCC flexible that can be remotely exploitable.

The flaw, found by Positive Technologies' Gleb Gritsai and Roman Ilin, has been patched.

Fortunately, it seems to require that attackers already have some privileged network position from which traffic could be inspected.

The PC software is popular among utilities including those in chemical, energy, and water sectors around the world.

"The remote management module of SIMATIC WinCC flexible panels and SIMATIC WinCC flexible runtime transmits weakly protected credentials over the network," the industrial control system CERT says.

"Attackers capturing network traffic of the remote management module could possibly reconstruct the credentials.

"Impact to individual organisations depends on many factors that are unique to each organisation.

The SIMATIC WinCC flexible software is used for visualisation and machine operations running on PCs or Siemens gear.

The flaw (CVE-2015-1358b) is considered of medium severity given its ability to be remotely compromised.

"An attacker with high skill would be able to exploit this vulnerability," the CERT says

A patch can be downloaded by affected users.

Siemens says strong security controls should protect its industrial control system gear in line with operational guidelines ®


Biting the hand that feeds IT © 1998–2020