Siemens industrial products Shellshocked

Patches on the way for critical infrastructure comms devices.

German multinational electronics and engineering giant Siemens has warned that an unknown number of its industrial control and communications products are vulnerable to the Bash command interpreter bug, known as Shellshock.

The Shellshock-vulnerable products are the Ruggedcom ROX 1 and ROX 2 Linux-based operating systems, which ship in the firmware of ruggedised industrial routers.

In its advisory [PDF], Siemens said all versions of ROX 1 and 2 are affected, but only if the Dynamic Host Configuration Protocol (DHCP) service used to automatically allocate IP addresses to other devices is activated.

Siemens said customers should turn off DHCP on ROX 1 and ROX 2 systems, and use static IP address allocation instead until patches are available.

Its APE Linux version 1.0, which is based on the Debian Linux distribution, is also fully vulnerable to Shellshock. Siemens advised customers to patch Bash on those systems.

The products in question are used in networks that monitor and control processes for critical infrastructure such as power generation, manufacturing, food and agriculture, and transportation.

Shellshock is rated a ten out of ten, or most critical, in the Common Vulnerabilities and Exposures (CVE) tracking and ranking system, and affects a large number of Linux distributions as well as UNIX-like operating systems that feature the Bash command line interpreter.

The security hole allows easy remote exploitation of vulnerable systems, giving attackers full control.

Siemens issued patches in August [PDF] this year to plug Heartbleed vulnerabilities in the OpenSSL cryptographic library, which would otherwise have permitted attackers to invisibly access data on its industrial products.

Copyright © iTnews.com.au . All rights reserved.