Siemens Fixes SINEMA Server Hole

Wednesday, October 12, 2016 @ 08:10 AM gHale

Siemens created a new version of its SINEMA Server to mitigate a vulnerability that could allow authenticated operating system users to escalate their privileges under certain conditions, according to a report by Siemens ProductCERT.

All versions of SINEMA Server before V13 SP2 are affected.


SINEMA Server is network management software for use in Industrial Ethernet networks.

The vulnerability is tracked as CVE-2016-6486 and has a CVSS base score of 7.3.

Click here to download SINEMA Server V13 SP2, which fixes the vulnerability.

The issue was reported to Siemens by rgod, working with Trend Micro’s Zero Day Initiative, for coordinated disclosure of the vulnerability.

Click here for an overview of the operational guidelines for Industrial Security with the cell protection concept.

Click here for information about Industrial Security by Siemens.