Vulnerability in Siemens’ STEP 7 TIA Portal, widely used design and automation software for industrial control systems. If exploited, an attacker could gain access to these systems for espionage or cause widespread physical damage. The vulnerability is in the same Siemens software platform used by the originators of Stuxnet to help spread that malware against Iran’s nuclear facilities nearly a decade ago. An attacker could also exploit the vulnerability to harvest data in other targeted attacks, the Tenable researchers say. Earlier this month, Siemens issued a patch for the vulnerability, dubbed CVE-2019-10915.”]
Source: https://www.cuinfosecurity.com/researchers-disclose-vulnerability-in-siemens-ics-software-a-12765