You are here

Siemens SCALANCE X (ICSA-19-162-04) – Products Used in the Water and Wastewater and Energy Sectors

Siemens SCALANCE X (ICSA-19-162-04) – Products Used in the Water and Wastewater and Energy Sectors

Created: Wednesday, June 12, 2019 - 22:26
Categories:
Cyber Security

The NCCIC has published an advisory on a storing passwords in recoverable format vulnerability in Siemens SCALANCE X. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could allow an attacker to reconstruct passwords for users of the affected devices, if the attacker is able to obtain a backup of the device configuration. Siemens has identified specific workarounds and mitigations to reduce the risk. The NCCIC also advised on a series of mitigating measures for the vulnerabilities. Read the advisory at NCCIC/ICS-CERT.