[ISN] Zero-Day Flaws Found, Patched In Siemens Switches

http://www.darkreading.com/vulnerability/zero-day-flaws-found-patched-in-siemens/240165252 By Kelly Jackson Higgins Dark Reading January 09, 2014 A security researcher has discovered a pair of zero-day vulnerabilities in a popular family of Siemens industrial control system switches that could allow an attacker to take over the network devices without a password. Eireann Leverett, senior security consultant for IOActive, next week at the S4 ICS/SCADA conference in Miami will release his proof-of-concept code for users of the SCALANCE X-200 Switch family to test the flaws in their industrial control systems (ICS) environments. The researcher found the bugs a few months ago and reported them to Siemens, which last fall issued patches for the flaws