Security Experts:

Connect with us

Hi, what are you looking for?



Siemens Fixes Vulnerabilities in Several ICS Products

Siemens has produced updates to address security flaws in several of the company’s solutions. ICS-CERT and Siemens have published a total of five advisories providing information on the vulnerabilities.

Siemens has produced updates to address security flaws in several of the company’s solutions. ICS-CERT and Siemens have published a total of five advisories providing information on the vulnerabilities.

Ivan Sanchez from WiseSecurity Team has discovered a search path flaw (CVE-2015-1594) impacting Siemens SIMATIC ProSave (versions prior to V13 SP1), SIMOTION Scout (versions prior to V4.4), STARTER (versions prior to V4.4 HF3), SIMATIC CFC (versions prior to V8.0 SP4), SIMATIC STEP 7 V5.5, and SIMATIC PCS 7 (versions prior to V8.0 SP2).

The vulnerability can be exploited by a malicious actor to execute arbitrary code with the privileges of the user running the impacted products. The arbitrary code can be executed from files located on the local file system or in connected network shares so the attacker must be able to trick the user into opening the malformed file.

Davide Peruzzi of GoSecure! has identified a denial-of-service (DoS) vulnerability affecting SPC Controllers, hybrid physical intrusion detection and access control systems. The flaw (CVE-2014-9369) affects SPC Controllers of the SPC4000, SPC5000 and SPC6000 series, versions prior to 3.6.0.

An attacker with network access can cause the devices to restart by sending specially crafted packets to the Web interface.

Researchers at the Freie Universität Berlin in Germany reported a DoS flaw (CVE-2015-2177) affecting all versions of the SIMATIC S7-300 CPU family. An attacker with network access to the affected device can cause the system to go into defect mode by sending specially crafted packets to Port 102/TCP (ISO-TSAP) or via Profibus.

Siemens advises organizations to mitigate the vulnerability by using VPNs to protect network communications between cells, apply the cell protection concept described in the company’s operational guidelines for industrial security, apply read/write protection, and apply defense-in-depth recommendations.

SPCanywhere, the mobile application that allows users to access Siemens SPC intrusion alarm systems remotely via a mobile phone, is plagued by several flaws. The list includes missing encryption of sensitive data (CVE-2015-1595, CVE-2015-1596), storing passwords in a recoverable format (CVE-2015-1598), improper cross-boundary removal of sensitive data (CVE-2015-1597), and an authentication bypass issue (CVE-2015-1599). The vulnerabilities affect all versions of both the Android and the iOS apps.

Siemens has addressed the bugs with the release of a new mobile application called SPC Connect.

There is no evidence to suggest that any of these vulnerabilities have been exploited in the wild, ICS-CERT said.

Siemens has also published an advisory to notify customers that several of the company’s products are affected by the recently disclosed weakness in the Linux glibc library. The vulnerability, dubbed “Ghost,” impacts SINUMERIK and SIMATIC HMI Basic applications. The RUGGEDCOM APE utility-grade computing platform is not affected in its default configuration, but certain installed components and user configurations can make the product vulnerable, Siemens said.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.


Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.


Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.