"Siemens Sicam Vulnerabilities Could Facilitate Attacks on Energy Sector"

Siemens recently patched several vulnerabilities in some of its Sicam products that could be exploited in attacks against the energy sector. In May, Siemens released updates for its Sicam A8000 remote terminal unit, Sicam EGS grid sensors, and Sicam 8 power automation software. One of the vulnerabilities is a buffer overread issue that can enable attackers to read sensitive data from memory, potentially leading to arbitrary code execution in the context of the current process or to a Denial-of-Service (DoS) condition. Another vulnerability is a command injection issue in the products’ web interface that lets an attacker steal the username and password of users with elevated privileges. This article continues to discuss the vulnerabilities recently patched in Siemens Sicam products.

SecurityWeek reports "Siemens Sicam Vulnerabilities Could Facilitate Attacks on Energy Sector"

Submitted by grigby1