Nozomi Networks Discovers Vulnerability in Siemens Building Automation Software | allinfosecnews.com

May 12, 2022, 2:13 p.m. | Nozomi Networks Labs

Security Boulevard securityboulevard.com

Recently, we had the opportunity to do a security analysis of the Siemens PXC4.E16, a Building Automation System (BAS) of the Desigo/APOGEE family for HVAC and building service plants. In this blog, we are publishing the details of a vulnerability that was caused by an improper implementation of the password-based key derivation mechanism for user accounts. It could also have been abused to perform a Denial-of-Service (DoS) attack against the controller.

The post Nozomi Networks Discovers Vulnerability in Siemens Building …

automation blog building automation iot iot & ics security labs labs blogs malware networks nozomi networks nozomi networks labs siemens software vulnerabilities vulnerability vulnerability disclosure

More from securityboulevard.com / Security Boulevard

Navigating Email: From Spam Wars to Trusted Relationships 4 hours ago | securityboulevard.com

art call communication email +6

USENIX Security ’23 – Intender: Fuzzing Intent-Based Networking with Intent-State Transition Guidance 22 hours ago | securityboulevard.com

access authors channel conference +20

Disgraced, Twice Impeached, Former President Joins His Long List Of Campaign And Administration Officials And … 22 hours ago | securityboulevard.com

administration advisors campaign candidates +8

What is an IS (RBI) Audit? 1 day, 6 hours ago | securityboulevard.com

address audit banking banks +27

The Ultimate Guide to FedRAMP Marketplace Designations 1 day, 13 hours ago | securityboulevard.com

agency authentication can cloud +19

Understanding Credential Phishing 1 day, 13 hours ago | securityboulevard.com

attackers breach breaches ceo +23

Adaptive DDoS Defense’s Value in the Security Ecosystem 1 day, 14 hours ago | securityboulevard.com

adaptive ddos analytics & intelligence and response attack +24

Understanding Business Email Compromise (BEC) 1 day, 14 hours ago | securityboulevard.com

attackers attacks bec business +17

Risk vs. Threat vs. Vulnerability: What is the difference? 1 day, 16 hours ago | securityboulevard.com

ciso suite click cyber lingo cyber security risks +11

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia

View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)

View on infosec-jobs.com