Chemical Safety Incidents
Siemens Fixes SINEMA Server Hole
Wednesday, October 12, 2016 @ 08:10 AM gHale
Siemens created a new version of its SINEMA Server to mitigate a vulnerability that could allow authenticated operating system users to escalate their privileges under certain conditions, according to a report by Siemens ProductCERT.
All versions of SINEMA Server under V13 SP2 suffer from the issue.
SINEMA Server is a network management software for use in Industrial Ethernet networks.
The vulnerability case number is CVE-2016-6486 and the CVSS base score is 7.3.
Click here to download SINEMA Server V13 SP2, which fixes the vulnerability.
The issue ended up reported to Siemens from rgod working with Trend Micro’s Zero Day Initiative for coordinated disclosure of the vulnerability.
Click here for an overview of the operational guidelines for Industrial Security with the cell protection concept.
Click here for information about Industrial Security by Siemens.