The devices are used to connect Industrial Control Systems components

Jan 10, 2014 13:20 GMT

A security researcher from IOActive has identified two vulnerabilities in Siemens’ SCALANCE X-200 switches, devices used to connect components of Industrial Control Systems (ICS), such as Human Machine Interfaces and Programmable Logic Controllers.

The first vulnerability affected the web server authentication component. It could have been exploited by cybercriminals to gain access to critical services on the network without needing authentication.

The second security hole could have been leveraged to hijack web sessions. Both of the issues were detected by Eireann Leverett, senior security consultant for IOActive.

Fortunately, Siemens ProductCERT, the team at Siemens responsible for security issues in products, addressed the vulnerabilities shortly after being contacted by ICS-CERT.

“Siemens ProductCERT were professional, courteous, and did not adopt an adversarial attitude when I contacted them about the vulnerabilities. Consequently, we were able to clarify the vulnerabilities quickly, and they produced a patch within three months,” said Leverett.

“I challenge other ICS vendors to match this timeline for security patching in the future,” he added.