DigitalCIO
No Result
View All Result
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
DigitalCIO
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
No Result
View All Result
Digitalcio
No Result
View All Result
Home Tech News

Critical bugs trouble Siemens automation systems

DigitalCIO Bureau by DigitalCIO Bureau
February 13, 2019
in Tech News
0
74
SHARES
1.2k
VIEWS
Share on FacebookShare on Twitter

Source: Cyware | By Ryan Stewart

• The flaws exist in SICAM 230, an industrial control system (ICS) by Siemens used in energy-related applications.
• Siemens has recommended users to apply updates for the DRM used in SICAM 230 to patch the issue.

A string of vulnerabilities present in one of Siemens’ automation systems has been identified. SICAM 230, an ICS meant for smart-grid applications is the affected product.

In a security advisory, Siemens has mentioned that the flaws could allow a serious remote code execution (RCE) attack in the automation system. Specifically, SICAM 230’s digital rights management (DRM) solution, known as WibuKey DRM, contained three critical vulnerabilities.

These flaws are marked using the CVSS 3.0 scoring system with the following scores:

• CVE-2018-3989 – 4.3
• CVE-2018-3990 – 9.3
• CVE-2018-3991 – 10.0

Among them, the first vulnerability CVE-2018-3989 — allows custom I/O request packet to return uninitialized memory thus revealing kernel memory. Similarly, the second one CVE-2018-3990 allows custom I/O request packet to cause a buffer overflow resulting in privilege escalation. The third vulnerability CVE-2018-3991 allowed TCP packets to port 22347/tcp causing a heap overflow. This would ultimately give way for an RCE attack.

Advisories with mitigations released
However, Siemens has urged its customers to update the WibuKey DRM to the latest version provided through WibuKey’s website. Apart from that, the German company has patched flaws found in their other products.

A total of 16 security advisories were published covering various products in their portfolio. Industrial systems such as SIMATIC, SIMOTION, and SINAMIC were found to have vulnerabilities that could permit denial of service attacks.

While some of these were patched through updates, Siemens is currently working on the others and has suggested workaround mitigations to prevent any security incident.

* Lead image used for representational purposes only.

Share30Tweet19
DigitalCIO Bureau

DigitalCIO Bureau

Recommended For You

Freshworks Appoints Ian Tickle as Chief of Global Field Operations

by DigitalCIO Bureau
June 20, 2025
0
Freshworks Appoints Ian Tickle as Chief of Global Field Operations

Freshworks has announced the appointment of Ian Tickle as Chief of Global Field Operations (CGFO). Tickle, who has served in this capacity on an interim basis since April, while maintaining...

Read moreDetails

C-Suite misalignment over GenAI adoption

by DigitalCIO Bureau
June 20, 2025
0

NTT DATA has launched its new report, “The AI Security Balancing Act: From Risk to Innovation,” highlighting the opportunities and risks AI presents in cybersecurity. The findings show...

Read moreDetails

HCLSoftware Unveils XDO Framework In Dubai

by DigitalCIO Bureau
June 19, 2025
0
HCLSoftware Unveils XDO Framework In Dubai

HCLSoftware, the enterprise software division of HCLTech, kicked off its high-octane Executive Summit at Madinat Jumeirah on June 3. The invitation-only event blended Formula 1 energy with enterprise...

Read moreDetails

GerriScary: Hacking the Supply Chain Of Popular Google Products

by DigitalCIO Bureau
June 19, 2025
0
Tenable Reveals Vulnerability dubbed ConfusedFunction in Google Cloud Platform

Tenable has identified a vulnerability in Google's open-source code review system, Gerrit, dubbed GerriScary. The vulnerability allowed unauthorised code submission to at least 18 major Google projects, including...

Read moreDetails

Proofpoint And Wiz Integrate Security Solutions

by DigitalCIO Bureau
June 18, 2025
0
Proofpoint And Wiz Integrate Security Solutions

Proofpoint has announced the general availability of an integration between its Data Security Posture Management (DSPM) solution and Wiz, a leader in cloud security. As part of the Wiz...

Read moreDetails
Next Post

IBM makes Watson available for competing Cloud services

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Related News

VIAVI Launches Observer GigaFlow

January 30, 2019
SolarWinds AI Launches to Transform IT Service Management

SolarWinds AI Launches to Transform IT Service Management

May 22, 2024

Athenta Technologies Supports Customers in Leveraging Infrastructure Management Solutions

October 24, 2019

Browse by Category

  • Acquisition
  • Appointment
  • Archive
  • Artificial Intelligence
  • CIO Interviews
  • Cloud
  • Datacenter
  • Events and Conferences
  • Market Insights
  • News
  • Opinion and Analysis
  • Products
  • Resources
  • Security
  • Storage
  • Tech News
  • Telecom
Digitalcio

Welcome to DigitalCIO, your ultimate source for staying ahead in the ever-evolving world of technology and business.

BROWSE BY TAG

Acquisition AI Appointment artificial intelligence Artificial Intelligence and Machine Learning AWS Big Data and Analytics Blockchain CISCO Cloud Computing Cloudflare Commvault CrowdStrike Cybersecurity Dell Technologies Digital Transformation Dynatrace E-books Fortinet Gartner GenAI Generative AI Google Cloud HCLTech Honeywell IBM Infographics Internet of Things (IoT) Kaspersky Microsoft Netskope NTT DATA Palo Alto Networks Panel Discussion Qlik Salesforce ServiceNow Sophos Tenable Veeam Veeam Software Vertiv Webinars Whitepaper Zscaler

CATEGORIES

  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
  • Archive

NAVIGATION

  • Home
  • About Us
  • Advertise with Us
  • Contact Us

© 2024 digitalcio.in - All rights reserved.

No Result
View All Result
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources

© 2024 digitalcio.in - All rights reserved.

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?