Siemens SINUMERIK Security Fiasco: Update Now or Risk Password Leak!

As of January 10, 2023, CISA no longer updates ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the latest on vulnerabilities in Siemens SINUMERIK systems, check Siemens’ ProductCERT Security Advisories.

Hot Take:

Siemens’ SINUMERIK systems are apparently the new playground for low-privilege users who dream of being hackers. If you thought low attack complexity meant a lazy afternoon, guess again! Time to update those systems before someone with a user manual and a dream gets their hands on your passwords.

Key Points:

  • CISA will stop updating ICS security advisories for Siemens product vulnerabilities after the initial advisory.
  • Vulnerability in Siemens’ SINUMERIK systems allows local, low-privilege users to read sensitive information.
  • CVSS v4 score of 6.8, indicating moderate severity.
  • Vulnerable products include SINUMERIK 828D, 840D sl, and ONE systems with specific version constraints.
  • Siemens recommends updating and manually deleting log files to mitigate the risk.
