CISA has published an advisory on use of a broken or risky cryptographic algorithm and missing support for integrity check vulnerabilities in Siemens S7-1200 and S7-1500 CPU Families. Multiple versions of multiple products are affected. Successful exploitation of these vulnerabilities may allow an attacker to modify network traffic or impact the perceived integrity of the user program stored on the CPU. Siemens has released updates for some of the products and recommends users update to the new versions. Siemens is preparing further updates and recommends specific countermeasures until patches are available. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.
Thank you to everyone who helped make H2OSecCon Spring 2024 happen! As noted during the event, WaterISAC intends to conduct another H2OSecCon this year, so stay tuned for updates!