Categorías: cybersecurity

Critical Vulnerability in Siemens STEP 7 TIA Portal

What happened?

A critical vulnerability has been found in Siemens STEP 7 TIAPortal, one of the most widely used design and automation programs for industrial control systems (ICS) worldwide. Users are urged to confirm that their systems have been upgraded to the latest version.

The critical vulnerability has been discovered by Tenable Research and would allow an attacker to take administrative action.

What’s the attack vector?

Jumping the authentication mechanism on the TIA Manager server through the node.js server web sockets

What is the impact on the business?

An attacker could compromise a TIA Portal system and use its access to add malicious code to adjacent industrial control systems. Attackers could also use the access gained through exploiting this vulnerability to steal sensitive data in existing OT configurations to continue progressing and plan attacks targeting critical infrastructure.

In the worst case, a vulnerable TIA Portal system can be used as a springboard in an attack that causes catastrophic damage to the OT team, disrupts critical operations, or conducts cyber espionage campaigns.

What’s the solution?

Siemens has released an update and security notice for this vulnerability.

Should I be worried?

Modern industrial operations often encompass complex IT and OT infrastructures, with new security challenges for critical environments, while making cybersecurity threats even more difficult to detect, investigate, and remedy.

Solutions?

OT/ICS/SCADA monitoring and management services have become easier thanks to our solution based on a QRadar SIEM and Indegy ICS.

sixe

Compartir
Publicado por
sixe

Entradas recientes

IBM Power 2025 Webinars: Learn for free with experts

Can you imagine finding solutions to your Linux, AIX, IBM i, etc... all in one?!🙀…

2 weeks hace

How to implement an ML architecture without failing in the attempt

📌 Are you interested in automation, AI, etc? You are in the right place. At…

1 month hace

IBM Power11: everything we know so far

Constantly updated post (based exclusively on SIXE's opinions and expectations) The evolution of Power architecture…

2 months hace

IBM Power9: Upgrade or maintain? What to do after the end of official support

Is my Power9 obsolete, should we upgrade to Power10 or Power11? Stop for a moment,…

2 months hace

Why is it crucial to perform an AIX healthcheck?

Did you know that many AIX systems are "working fine" until they suddenly... stop working?😱…

2 months hace

What do we expect from IBM Power11?

The evolution of IBM's Power architecture has been the subject of intense debate in the…

5 months hace