Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?
Siemens PowerSys Vulnerability: Local Hackers Can Party Like It’s 1999!
CISA will no longer update ICS security advisories for Siemens product vulnerabilities after the initial advisory. For the latest updates, visit Siemens’ ProductCERT Security Advisories. This change means staying vigilant with Siemens’ resources is crucial for the most current Siemens product vulnerabilities information.
Hot Take:
Looks like Siemens’ PowerSys has a new job title: “Door Greeter.” With improper authentication issues, it’s inviting local attackers right into the control room. Good thing Siemens is pushing updates faster than your favorite streaming service.
Key Points:
- Siemens PowerSys versions prior to V3.11 have a vulnerability that allows local attackers to bypass authentication.
- The vulnerability, CVE-2024-36266, scores an 8.5 on the CVSS v4 scale.
- Critical infrastructure and systems worldwide are at risk.
- Updating to PowerSys V3.11 or later is strongly recommended.
- Minimizing network exposure and using VPNs can help mitigate the risks.
Already a member? Log in here