Siemens has finally provided patches for a number of Microsoft Windows SMBv1 vulnerabilities that affect some of the medical devices sold under the Siemens Healthineers brand.
After WannaCry hit systems around the world in May, the company acknowledged that some of its customers may be facing impacts from the cyber-attack, as some of Siemens Healthineers’ products “may be affected by the Microsoft vulnerability being exploited by the WannaCry ransomware.” Fixes have now been provided for a variety of laboratory diagnostics products, as well as radiography, mobile X-ray and mammography systems.Read more
Researchers have discovered two vulnerabilities in Siemens’ SICAM Power Automation System, an automation system used by energy companies worldwide to operate electrical substations.
The Windows-based software product is advertised as scalable, flexible, easy to operate and cost-efficient. Researchers at Positive Technologies analyzed the Siemens product and found that it’s plagued by two information disclosure vulnerabilities that can be exploited by a local attacker. Experts discovered that user passwords are not protected properly, allowing an attacker to reconstruct the information.Read more