Siemens addressed a deserialization vulnerability, CVE-2022-23450, in its Simatic Energy Manager software two years ago. Despite this, Claroty researchers recently detailed the flaw, attributing it to Siemens' use of a programming method known for security risks. The vulnerability could allow remote code execution if malicious instructions are inserted into a data object before serialization, affecting computers that deserialize the byte stream. The Simatic Energy Manager software uses a proprietary messaging protocol to transmit data about plant energy usage from a web server to a user application. Claroty researchers reverse-engineered this protocol and discovered a message type containing the phrase BinaryFormatter. Behind the scenes, the software is a Microsoft .NET application that uses the .NET BinaryFormatter class for object serialization and deserialization. Microsoft had cautioned against using the BinaryFormatter class since 2020, as it is not safe when used with untrusted input. Despite known risks dating back to at least 2012, when a researcher presented a paper on the subject at the Black Hat conference, and Microsoft's subsequent deprecation of BinaryFormatter in November 2023, Siemens continued to use it. Claroty researchers demonstrated that they could force the Simatic Energy Manager to deserialize malicious code even before authentication, resulting in a remote code execution vulnerability. Siemens customers using Energy Manager versions below V.73 Update 1 remain vulnerable. The vulnerability is rated 10, the highest possible, on the CVSS scale.
The Microsoft Threat Intelligence team has uncovered a concerning trend involving the misuse of Quick Assist, a client management tool, by a threat actor known as Storm-1811. This ...
Intel's recent Patch Tuesday released 41 security advisories covering over 90 vulnerabilities across their product range. While patches have been provided for most of these iss...
Singing River Health System (SRHS) disclosed that approximately 900,000 individuals were affected by a ransomware attack in August 2023. The breach compromised personal data includ...