Security researcher Billy Rios took issue on Wednesday with a Siemens statement that there are "no open issues regarding authentication bypass bugs at Siemens." What followed was a security rant on Rios' personal blog that should be very familiar by now: Here's another company that is handling its security disclosures very poorly.
On Monday, a security researcher published new vulnerabilities affecting remote access to the “NOE 771” devices manufactured by Schneider Electric, one of the world's largest manufacturers of SCADA system devices. The vulnerabilities prompted the ICS-CERT to issue an alert.
Rubén Santamarta (a.k.a. "Reverse Mode"), a 29-year-old European-based independent security researcher who previously showed how to hack into the Large Hadron Collider at CERN, said that he was able to attack these devices remotely after first locating vulnerable NOE 771 devices through the SHODAN search engine and then downloading the firmware from Schneider Electric. After reverse engineering the firmware update, Santamarta found he could load a trojanized firmware update, use non-documented hidden accounts, and use other non-documented functionalities. The trouble is in how the devices access remote access commands.