German industrial manufacturing company Siemens patched a pair of vulnerabilities that if exploited could allow an attacker to perform administrative actions or gain read access to sensitive data on affected systems.
The firm Tuesday June 22 patched a vulnerability in communication processor module via a firmware update V1.4.1 [1] for SIMATIC CP 44x-1 RNA modules and Thursday June 24 patched a privilege enforcement vulnerability in XHQ via the s XHQ V4.7.1.3 [1] and XHQ V5.0.0.2 [1] updates.
The SIMATIC CP 44x-1 RNA flaw is the result of improper authentication and is the most critical of the two as it can be remotely exploited using a relatively low skill level, according to a June 22 ICS-CERT advisory
The vulnerable equipment is used in the chemical, critical manufacturing, and food and agriculture sectors in devices that have been deployed worldwide. Users are recommended to minimize network exposure for all control system devices and/or systems, and ensure the systems are not accessible from the Internet.
