derram

https://archive.is/rnwei

Siemens patches one security vuln, leaves folks to block second • The Register

'Siemens has plugged a man-in-the-middle vulnerability in its LOGO!8 BM FS-05 industrial automation hardware – but a second remains unpatched.'

'In the absence of a fix, Siemens provides configuration instructions which include using a VPN to protect traffic between cells in the network.'

'All versions of Logo!8 BM older than 1.18.2 are vulnerable and need a firmware update.'

"If the devices' admin web server is visible from the internet and a user is logged in, that would allow a remote attacker to hijack the admin session."

"According to Siemens' advisory, CVE-2017-12734 can be exploited by an attacker to sniff the session ID from an active user session."

This has been an automated message.