Tenable Research Discovers Vulnerability in Siemens Critical Infrastructure Design Software

Tenable

Tenable®, Inc., the Cyber Exposure company, today announced its research team discovered a critical vulnerability in Siemens STEP 7 TIA Portal, design and automation software for industrial control systems (ICS).

The vulnerability, which impacts the same family of devices compromised in the STUXNET attack, could be used as a stepping stone in a tailored attack against critical infrastructure, with the potential for catastrophic damage.
The flaw [CVE-2019-10915] would allow an unauthenticated, remote attacker to perform any administrative actions on the system, enabling them to add malicious code to adjacent ICS. A bad actor could also exploit the vulnerability to harvest data in order to plan a future, targeted attack.

The delicate nature and function of critical infrastructure means a successful cyberattack could result in damage to operational technology equipment, disrupt operations, destruction of hardware or cyber espionage.

Tenable PR Here

[optin-monster-shortcode id=”dv4jqlr9fih8giagcylw”]

Author

Featured

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on whatsapp

Trending Issues

Join over 5,000 Industrial OT & Cyber professionals

Weekly Newsletter direct to your inbox