by Dennis Fisher December 11, 2014
Experts at ICS-CERT say that the BlackEnergy malware that has been seen infecting human-machine interface systems may be exploiting a recently patched vulnerability in the Siemens SIMATIC WinCC software in order to compromise some systems.
The ICS-CERT originally issued an alert about the attacks by the venerable BlackEnergy malware in October, and at the time the group warned that the malware was targeting three specific HMI products: GE Cimplicity, Advantech/Broadwin WebAccess, and Siemens WinCC.
Full Article
Black Energy Malware May Be Exploiting Patched WinCC Flaw
Userlevel 7
+54
Userlevel 7
+54
by Pierluigi Paganini on December 12th, 2014 http://securityaffairs.co/wordpress/wp-content/uploads/2014/12/BlackEnergy-wincc.jpg
Siemens has issued a software update for SIMATIC WinCC on Nov. 11, which fixes two critical vulnerabilities, including an unauthenticated remote code execution.
Full Article
The ICS-CERT revealed that the BlackEnergy malware targeted SCADA HMI systems may be exploiting a recently patched flaw in the Siemens SIMATIC WinCC.
Security experts at the Industrial Control System Cyber Emergency Response Team (ICS-CERT) reported that the BlackEnergy malware was used by threat actors in the wild to compromise HMI (human-machine interface) systems. The experts explained that the malware was specifically improved to exploit a recently patched vulnerability in the Siemens SIMATIC WinCC software to compromise some systems.Siemens has issued a software update for SIMATIC WinCC on Nov. 11, which fixes two critical vulnerabilities, including an unauthenticated remote code execution.
Full Article
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.