"CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems"

The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) has published four advisories regarding Industrial Control Systems (ICS), highlighting multiple security flaws impacting Siemens, GE Digital, and Contec products. The most severe of these are a path traversal flaw and a command injection flaw in Siemens SINEC INS, which expose the product to Remote Code Execution (RCE). Siemens has also addressed an authentication bypass vulnerability in the llhttp parser and an out-of-bounds write flaw in the OpenSSL library that could be used for RCE. The advisories were published less than a week after CISA issued 12 similar warnings concerning significant flaws in software from Sewio, InHand Networks, Sauter Controls, and Siemens. This article continues to discuss CISA's warnings regarding security flaws affecting products from Siemens, GE Digital, and Contec.

THN reports "CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems"

Submitted by Anonymous on