
Security

Siemens and Schneider Electric have fixed over 40 vulnerabilities in their products

Several critical vulnerabilities scored a maximum of 10 on the CVSS scale.

Siemens and Schneider Electric have published a total of 25 bulletins addressing over 40 vulnerabilities affecting their industrial products.

Siemens released 21 new bulletins and updated 25 previously published bulletins. The new bulletins cover 36 vulnerabilities, including five critical issues. One of the critical vulnerabilities, which received a maximum 10 on the CVSS scale, affects the Desigo CC construction management platform and the Cerberus danger management station (DMS). A deserialization vulnerability could allow an unauthorized attacker to execute arbitrary code on the system. The risk of exploitation is higher for systems connected directly to the Internet.

Another critical issue, with a CVSS score of 10, is a command injection vulnerability affecting Siveillance Open Interface Services (OIS). The issue could be exploited by a remote unauthorized attacker to execute code with superuser privileges.

A buffer overflow vulnerability in the web server of APOGEE and TALON automation devices is also critical. A remote attacker could exploit the issue to execute arbitrary code with superuser privileges.

A critical issue resolved in the Siemens Industrial Edge app could allow an unauthorized attacker to change the password of any user on the system.

Another critical issue affects the SIPROTEC 5 relay and could allow a remote attacker to trigger a Denial of Service (DoS) condition or execute arbitrary code.

Dangerous issues were also resolved in Ruggedcom ROX (device control interception vulnerability), Simcenter STAR-CCM+ Viewer (code execution or data theft), Siemens NX (access violation and potential code execution), SINEC NMS (file loading and management configuration), SCALANCE switches (DoS), Teamcenter (account hijacking and unauthorized access to data), SIMATIC NET CP modules (DoS), LOGO! CMR and SIMATIC RTU 3000 (DoS), SIPROTEC 5 (DoS), RFID terminals (code execution) and SINEMA Remote Connect Server (DoS).

Schneider Electric released four notifications covering a total of seven vulnerabilities. Two issues affect the StruxureWare Data Center Expert physical infrastructure management product. Both critical vulnerabilities could allow an attacker to remotely execute arbitrary code.

An arbitrary code execution vulnerability has been identified in EcoStruxure Control Expert, EcoStruxure Process Expert, and SCADAPack RemoteConnect. For successful exploitation, an attacker would need to trick the victim into opening a malicious project file.

Three critical issues have been fixed in the Modicon M340 PLC web server component. They can be used to retrieve confidential information or trigger a DoS condition.

Gaming

PlayStation 5 has been hacked. You can install games, but you can’t run them yet

Nearly two years after the PlayStation 5 went on sale, modders have found a way to jailbreak the console, albeit with some restrictions.

IGN notes that the modder, known as SpecterDev, disclosed an apparent jailbreak that is described as an experimental IPv6 kernel exploit that relies on a WebKit vulnerability.

The jailbreak will only work on PS5 systems with firmware 4.03 or later. If you’ve updated your PS5 since October last year, you won’t be able to try the exploit. But even if you have the required firmware, an attempt to install the jailbreak works only in a third of cases.

As for what you can do with a jailbroken PS5 right now, you’ll get access to the system’s debug menu. You can also install games from outside the PlayStation Store, but you cannot run third-party software.

Modder Lance McDonald tested the jailbreak and was able to install the PT demo, the famous teaser of the canceled Silent Hills game. However, he was unable to start playing the game. Although the exploit offers read/write access to the PS5, there is currently no way to execute the downloaded files. In any case, PT is not backwards compatible with PS5.

This jailbreak is unlikely to be widely used anytime soon due to its limitations and the fact that Sony can ban modder accounts. On top of that, there is a risk of locking the console in the process. However, it may give other hackers and modders a foundation to build more robust jailbreak tools.

Security

Hacker Hacked Fast Company’s Apple News Account and Spread Racist Messages

An unknown hacker was able to access the business publication Fast Company’s Apple News account and sent out a series of obscene and racist messages to subscribers via push notifications.

Fast Company confirmed the hack, and so did Apple. The incident is currently under investigation.

“Fast Company’s Apple News account was hacked Tuesday night. After that, two push notifications with obscene and racist content were sent a minute apart. The messages are disgusting and do not match Fast Company content. We are investigating the incident and have also paused feed updates and closed FastCompany.com until we are confident the situation has been resolved,” the publication noted.

Shortly before the shutdown, the hacker himself posted an entire article on the Fast Company website, where he described in detail how he managed to bypass the protection. It turned out that the accounts on the site were protected by the same password, including the account of the site administrator. Having gained access to them, the hacker was able to get to the authentication tokens and log in to Apple News.

Apart from the hooliganism, no financial losses or manipulations were recorded.

Security

Young hacker who leaked GTA 6 material denies his guilt

The 17-year-old hacker, who was previously arrested in the UK on suspicion of hacking Rockstar Games and Uber, has pleaded not guilty. According to police, he appeared in court over the weekend but refused to plead guilty to computer misuse. At the same time, he admitted that he violated the conditions of his release on bail. He is now being held in a juvenile detention center.

According to investigators, the 17-year-old is part of the Lapsus$ hacker group and is behind the recent leak of videos and other details of the $2 billion GTA 6 game.

Earlier, a hacker under the nickname teapotuberhacker published an archive with video and source code from an early version of GTA 6, which has already gone viral. Take-Two tried to stop the spread of the leak, but it was only partially successful.

The hacker also said that it was he who attacked the Uber computer system, gaining access to correspondence, email addresses, and so on.

At the moment, the investigation is ongoing, so it is not yet clear how this story will end.
