Siemens Security Snafu: Low Complexity, High Risk – Time to Update!
Attention Siemens Energy Services users: CISA is bowing out of updating security advisories on Siemens vulnerabilities. Keep your systems secure by checking Siemens’ ProductCERT for the latest info. Remember, a USB stick could reset your admin password faster than you can say “oops!” Stay vigilant and update to the latest software version.

Hot Take:
Well, well, well, it seems Siemens Energy Services has a new version of “Password Roulette,” where all it takes to reset the admin password is a USB stick and some physical access. Who knew your friendly neighborhood hacker could start their day with a cup of coffee and a password reset before lunchtime? Maybe Siemens should consider renaming their devices to “Elspec G5: Where Passwords Go to Disappear.”

Key Points:
- CISA is no longer updating ICS security advisories for vulnerabilities in Siemens products beyond the initial advisory; Siemens' ProductCERT has the latest information.
- The vulnerability allows an attacker with physical access to reset the Admin password using a USB drive.
- Siemens recommends updating the affected Energy Services product to version V1.2.3.13 or above.
- CISA suggests minimizing network exposure and using VPNs for remote access.
- No known public exploitation of this vulnerability has been reported yet.
