Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

A critical vulnerability affects Siemens smart meters

Siemens has just released a firmware update for the 7KT PAC1200 Siemens smart meters that addresses a critical vulnerability. Siemens has just released a firmware update for the 7KT PAC1200 Siemens smart meters to fix a critical vulnerability that can be exploited by remote attackers to bypass authentication and perform administrative actions on the device. The […]

Siemens smart meters

Siemens has just released a firmware update for the 7KT PAC1200 Siemens smart meters that addresses a critical vulnerability.

Siemens has just released a firmware update for the 7KT PAC1200 Siemens smart meters to fix a critical vulnerability that can be exploited by remote attackers to bypass authentication and perform administrative actions on the device.

The KT PAC1200 multichannel measuring devices belong to the Siemens SENTRON energy management family that have been designed to monitor energy consumption using sensors to collect data. Data gathered by Siemens smart meters can be viewed via a desktop web browser or mobile applications for Android and iOS.

Siemens smart meters

The flaw tracked as  CVE-2017-9944  was discovered by the researcher Maxim Rupp, it affects the web server integrated into the Siemens smart meters. The vulnerability allows a remote attacker to bypass authentication using an alternate path or channel, exploiting the issue it is possible to access the web interface and perform administrative operations.

The web interface of Siemens smart meters provides useful information to the users, including power consumption statistics for a specified period and budget monitoring.

The vulnerability affects 7KT PAC1200 data manager running a version of the firmware prior to 2.03.

“Successful exploitation of this vulnerability could allow an attacker to bypass authentication mechanisms and perform administrative functions.” states the security advisory published by the US ICS-CERT.

Siemens urges its customers to update their devices to version 2.03 and to protect network access to the web server with appropriate mechanisms.

“Siemens provides firmware Version V2.03 for 7KT PAC1200 data manager (7KT1260) from the SENTRON portfolio, which fixes the vulnerability and recommends users update to the new fixed version. The firmware update V2.0.3 for 7KT PAC1200 data manager (7KT1260) from the SENTRON portfolio can be found on the Siemens web site at the following location:

https://support.industry.siemens.com/cs/ww/de/view/109749883/en?dl=en(link is external) ” ” continues the security advisory.

“As a general security measure, Siemens strongly recommends protecting network access to the devices with appropriate mechanisms. Siemens advises configuring the environment according to Siemens operational guidelines in order to run the devices in a protected IT environment.”

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Kaspersky, NSA)

[adrotate banner=”5″]

[adrotate banner=”13″]