Siemens Update Addresses Critical Vulnerability Found in Measuring Device
Siemens recently issued an update that addresses a vulnerability found in one of its measuring devices that could allow an attacker to bypass built-in authentication measures and take control of the machine. Discovered by researcher Maxim Rupp, CVE-2017-9944 affects the 7KT PAC1200 smart meter, a multichannel measuring device that allows users to monitor their energy consumption via easily installed sensors. The device then displays measurements for current, voltage, and power on either a web browser or an app that is available for both iOS and Android.
A successful exploit of the vulnerability in the product’s integrated web server gives an unauthenticated remote attacker administrative control over the device via the web interface.
The company advised users of 7KT PAC1200 devices to update their firmware to version 2.03, which fixes the vulnerability. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), which issued its own advisory regarding the vulnerability, also provided the following recommendations to mitigate the effects of CVE-2017-9944 and other similar vulnerabilities:
Industrial devices are crucial to an organization’s operation, so securing them should be of utmost importance. While there are a number of ways smart meters and other similar devices can be compromised, there are also defensive strategies that can be implemented to protect industrial control systems. These include: