Security alert for vulnerabilities in Siemens PLCs

Siemens has issued a security alert about the company’s Simatic S7-1500 programmable logic controllers (PLCs) after security researchers at Positive Technologies reported “serious vulnerabilities” that exposed industrial processes to denial-of-service (DoS) attacks.

The researchers warn that, left unpatched, the vulnerabilities can be exploited by cyber attackers to disrupt industrial control systems in the automotive, food and beverage industries, where they are commonly used for automation.

Both of the vulnerabilities (CVE-2018-16558 and CVE-2018-16559) received a score of 7.5 out of 10 according to the Common Vulnerability Scoring System(CVSS).

Paolo Emiliani, industry and Scada research analyst at Positive Technologies, said unauthenticated attackers could use these vulnerabilities to carry out DoS attacks against a PLC and severely affect industrial processes.

Read more…
Source: Computer Weekly