Siemens has fixed vulnerabilities in SIMATIC WinCC 7.0 and SIMATIC PCS7 V8 discovered by the SCADAStrangeLove team. They
vary widely, from trivial XSS and CSRF (the latter still unfixed) to arbitrary
file reading and an awesome username and password disclosure.
Short list of bugs addressed in SSA-864051:
- Lots of XSS and CSRF (CVE-2012-3031, CVE-2012-3028)
- Lots of arbitrary file reading (CVE-2012-3030)
- SQL injection over SOAP (CVE-2012-3032)
- Username and password disclosure via ActiveX abuse (CVE-2012-3034)
Thanks to Denis Baranov, Sergey Bobrov, Artem Chaykin, Vladimir Kochetkov, Timur Yunusov.
Now we have more info for our talk at Power of Community. The world has become
safer! Hurray!