Fifteen vulnerabilities affecting Siemens SINEC network management system (NMS) were unveiled this week, according to new research published by security company Claroty.
The bugs affect all versions before V1.0 SP2 Update 1 and Siemens
urged users to update their versions as soon as possible.
Noam Moshe, vulnerability researcher with Claroty, told The Record that the most concerning of the 15 vulnerabilities – which include denial-of-service attacks, credential leaks, and remote code execution in certain circumstances – revolve around CVE-2021-33723 and CVE-2021-33722.
Moshe noted that network management systems are used to centrally monitor, manage, and configure industrial networks with tens of thousands of devices. They are used widely in industrial automation across several industries, including manufacturing, oil and gas, electrical grids, and more.
![[correlate]](/data/avatars/m/79/79653.jpg?1556985072){kind=avatar}
therecord.media
