Flaws in Siemens FactoryLink could be exploited remotely

06 January 2012

Two vulnerabilities in the Siemens FactoryLink industrial control system could enable a hacker to remotely carry out denial-of-service and arbitrary code execution attacks, warned the US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).

Buffer overflow and data corruption vulnerabilities, discovered by researcher Kuang-Chun Hung of Taiwan’s Information and Communication Security Technology Center, affect ActiveX components in Siemens Tecnomatix FactoryLink versions V8.0.2.54, V7.5.217 (V7.5 SP2), and V6.6.1 (V6.6 SP1).

The Siemens Tecnomatix FactoryLink software is used for monitoring and controlling industrial processes in a variety of industries, including oil and gas, chemicals, food and beverage, and building automation.

The buffer overflow vulnerability is exploited by inputting a long string to a specific parameter, causing a buffer overflow that could allow the execution of arbitrary code. The data corruption vulnerability is exploited by inputting arbitrary data, causing a file save to any specified location on the target system, the ICS-CERT explained.

Siemens has released a patch to its customers to address these vulnerabilities. ICS-CERT has confirmed that the Siemens patch resolves the reported vulnerabilities.

In addition, Microsoft has released a kill bit to address the ActiveX vulnerabilities. Customers of Siemens Tecnomatix FactoryLink should also install the security update referenced in the Microsoft Security Advisory 2562937, the ICS-CERT advised.
