Siemens is warning customers of a local privilege escalation vulnerability that leaves over a dozen models of its SCADA equipment open to attack.

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) cautioned users who work in electrical substations to update certain builds of energy automation software this week. ICS-CERT claims two vulnerabilities exist in the Siemens SICAM Power Automation System, or PAS, that could enable an attacker to reconstruct passwords and obtain sensitive information under certain conditions. Siemens, the German...

Siemens has provided firmware updates addressing vulnerabilities in the SIMATIC WinCC flexible and the SIMATIC S7-300 CPU family.