Tenable Research Discovers Vulnerability in Siemens Critical Infrastructure Design Software

Tenable

Tenable®, Inc., the Cyber Exposure company, today announced its research team discovered a critical vulnerability in Siemens STEP 7 TIA Portal, design and automation software for industrial control systems (ICS).

The vulnerability, which impacts the same family of devices compromised in the STUXNET attack, could be used as a stepping stone in a tailored attack against critical infrastructure, with the potential for catastrophic damage.
The flaw [CVE-2019-10915] would allow an unauthenticated, remote attacker to perform any administrative actions on the system, enabling them to add malicious code to adjacent ICS. A bad actor could also exploit the vulnerability to harvest data in order to plan a future, targeted attack.

The delicate nature and function of critical infrastructure means a successful cyberattack could result in damage to operational technology equipment, disrupt operations, destruction of hardware or cyber espionage.

Tenable PR Here

Author

Featured

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on whatsapp

Trending Issues