all InfoSec news
Nozomi Networks Discovers Vulnerability in Siemens Building Automation Software
Security Boulevard securityboulevard.com
Recently, we had the opportunity to do a security analysis of the Siemens PXC4.E16, a Building Automation System (BAS) of the Desigo/APOGEE family for HVAC and building service plants. In this blog, we are publishing the details of a vulnerability that was caused by an improper implementation of the password-based key derivation mechanism for user accounts. It could also have been abused to perform a Denial-of-Service (DoS) attack against the controller.
The post Nozomi Networks Discovers Vulnerability in Siemens Building …
automation blog building automation iot iot & ics security labs labs blogs malware networks nozomi networks nozomi networks labs siemens software vulnerabilities vulnerability vulnerability disclosure