"Siemens, Other Vendors Patch Critical ICS Product Vulnerabilities"

The US Cybersecurity and Infrastructure Security Agency (CISA) recently released 15 advisories addressing serious vulnerabilities in industrial control products from Siemens, Mitsubishi Electric, Delta Electronics, and more. One of the vulnerabilities is a critical buffer overflow issue, with a CVSS score of 10.0, in the Sinteso EN and Cerberus PRO EN Fire Protection Systems. The vulnerability stems from the network communication library used in the systems improperly validating the length of X.509 certificate attributes. Man-in-the-Middle (MitM) attackers can exploit the flaw, intercepting the communication of the engineering tool used in the fire system network and allowing the execution of arbitrary code as root on the underlying operating system. This article continues to discuss the potential exploitation and impact of the vulnerabilities found in industrial control products.

CSO Online reports "Siemens, Other Vendors Patch Critical ICS Product Vulnerabilities"

Submitted by grigby1