[ISN] Ruskie ICS hacker drops nine holes in popular Siemens power plant kit

http://www.theregister.co.uk/2015/08/31/ruskie_ics_hacker_drops_nine_holes_in_popular_siemens_power_plant_kit/ By Darren Pauli The Register 31 Aug 2015 Ilya Karpov of Russian security outfit Positive Technologies has reported nine vulnerabilities in Siemens industrial control system kit used in critical operations from petrochemical labs and power plants up to the Large Hadron Collider. The holes, now patched, also include two for Schneider Electric kit and cover a mix of remote and local exploits that can grant attackers easy and valuable system access. The vulnerabilities (CVE-2015-2823) achieve a severity rating of 6.8 and allow remote net pests to authenticate using a password hash but not the associated password. It affects a variety of specialist SIMATIC WinCC products including Runtime Professional, HMI Mobile Panels, and HMI Basic Panels. […]