Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?
Siemens SINUMERIK Security Fiasco: Update Now or Risk Password Leak!
As of January 10, 2023, CISA stops updating ICS security advisories for Siemens products. For the latest on Siemens SINUMERIK systems vulnerabilities, check Siemens’ ProductCERT Security Advisories.
Hot Take:
Siemens’ SINUMERIK systems are apparently the new playground for low-privilege users who dream of being hackers. If you thought low attack complexity meant a lazy afternoon, guess again! Time to update those systems before someone with a user manual and a dream gets their hands on your passwords.
Key Points:
- CISA will stop updating ICS security advisories for Siemens product vulnerabilities after initial advisory.
- Vulnerability in Siemens’ SINUMERIK systems allows local, low-privilege users to read sensitive information.
- CVSS v4 score of 6.8, indicating moderate severity.
- Vulnerable products include SINUMERIK 828D, 840D sl, and ONE systems with specific version constraints.
- Siemens recommends updates and manual deletions of log files to mitigate the risk.