Dubai, UAE: Tenable®, Inc., the Cyber Exposure company, today announced its research team discovered a critical vulnerability in Siemens STEP 7 TIA Portal, design and automation software for industrial control systems (ICS). The vulnerability, which impacts the same family of devices compromised in the STUXNET attack, could be used as a stepping stone in a tailored attack against critical infrastructure, with the potential for catastrophic damage.

The flaw [CVE-2019-10915] would allow an unauthenticated, remote attacker to perform any administrative actions on the system, enabling them to add malicious code to adjacent ICS. A bad actor could also exploit the vulnerability to harvest data in order to plan a future, targeted attack. The delicate nature and function of critical infrastructure means a successful cyberattack could result in damage to operational technology equipment, disrupt operations, destruction of hardware or cyber espionage.

“Attacks on critical infrastructure go well-beyond cyberspace they have the potential to cause physical damage and harm. And the threats to these often delicate systems cannot be overstated,” said Renaud Deraison, chief technology officer and co-founder, Tenable. “Cooperation and collaboration between researchers and vendors are of utmost importance when it comes to vulnerability disclosures. Tenable Research is committed to working with willing vendors, like Siemens, to protect organizations everywhere from new and emerging threats.”

Siemens has released patches to address this vulnerability. Users are urged to confirm their systems have been updated to the latest version.

For more information about the vulnerability, read the Tenable Research blog post onMedium.

About Tenable

Tenable®, Inc. is the Cyber Exposure company. Over 27,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com

Contact Information:
Sharon Divan
sharon@oakconsulting.biz 

© Press Release 2019

Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.

The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.

To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.