The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) cautioned users who work in electrical substations to update certain builds of energy automation software this week.
ICS-CERT claims two vulnerabilities exist in the Siemens SICAM Power Automation System, or PAS, that could enable an attacker to reconstruct passwords and obtain sensitive information under certain conditions.
Siemens, the German industrial automation technology company that manufactures the software, released an update to address the first vulnerability this week. Users are being encouraged to update to version 8.07 of SICAM PAS to mitigate that issue.
Full Article