viernes, 26 de junio de 2020

New Siemens vulnerability disclosed:SSA-312271: UnquotedSearchPathVulnerabilitiesinWindows-basedIndustrialSoftwareApplication

Our colleague Ander Martinez reported through INCIBE-CERT a privilege escalation vulnerability that affects a wide range of Siemens software, including: 

> SIMATIC Automation Tool 
> SIMATIC NET PC software 
> SIMATIC PCS 7 
> SIMATIC ProSave 
> SIMATIC S7-1500 Software Controller
> SIMATIC STEP 7 (TIA Portal) 
> SIMATIC WinCC OA 
> SIMATIC WinCC Runtime Advanced 
> SIMATIC WinCC Runtime Professional V14 
> SINAMICS STARTER commissioning tool 
> SINEC NMS 
> SINEMA Server 
> SINUMERIK 

The vulnerability is SSA-312271: UnquotedSearchPathVulnerabilitiesinWindows-basedIndustrialSoftwareApplication 
Thank INCIBE-CERT for their collaboration in coordinating the disclosure of this vulnerability. 
More details in the URL: https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf 

Some of the workarounds proposed by the manufacturer are: 
• Make sure that there is no executable at the following locations: 
–C: \ Program.exe, 
–C: \ Program Files \ Common.exe, or 
– C: \ Program Files \ Common Files \ Siemens \ Automation \ Simatic.exe 
• Deactivate the Windows service called TraceConceptX. This leads to loss of tracing functionalityand should only be considered as a temporary workaround.
Publicado por en No hay comentarios:

lunes, 22 de junio de 2020

New Challenges ahead!














When we gave birth to Titanium Industrial Security 4 years ago, we knew that we were going to do something great, but seen all this time that has not been so much in perspective, We did not imagine that we would have growth and clients of such a high level as we have.
The effort and desire that the Titanium team has put in has been enormous and it is clear that every effort has its reward.
Today, ending June 2020, we are picking up the 2nd Titanium office to go to what will be our new home: Miramón Technology Park, Mikeletegi 43, 20009 Donostia-San Sebastián.
Here we will share projects, hopes and synergies with  Aingura IIoT (http://www.ainguraiiot.com/) and Ikergune (https://www.ikergune.com/) our colleagues from INZU Group (https://www.inzugroup.com/ )
Thank you very much to all of you who have entrusted your most precious treasures to Titanium Industrial Security and to those who will shortly do so.
When we are finally established we invite you to visit us.
Regards and thanks for everything.




Publicado por en No hay comentarios:
Suscribirse a: Entradas (Atom)