all InfoSec news
SSA-511182 V1.0: Use of Static TLS Certificate Known Hard Coded Private Keys in Adaptec Maxview Application
Siemens ProductCERT Security Advisories cert-portal.siemens.com
The Adaptec Maxview application shipped with affected SIMATIC IPCs contains a hard coded, non-unique certificate to secure HTTPS connections between the browser and the local Maxview configuration application. A local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit.
Adaptec has released updates for the affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products …
application attack browser certificate configuration connections countermeasures data decrypt hard hard coded https key keys latest local man-in-the-middle may non order private private keys products siemens simatic ssa tls traffic update updates